“How Much Does ISO 27001 Certification Cost?” I’m asked this frequently. Here, I won’t give you precise figures, but some important pointers as to why prices might vary, and what to avoid. We offer a different approach.

Shock, Awe (And Envy)

Occasionally, despite over 25 years in this business, I’m shocked. Often, I’m also a little angry, too. A company director told me recently that he had been quoted a daily consultant’s fee of £1500 a day for implementing an ISO 27001. The work would take 14 days. “That’ll be £21000, please. Cash or card? Nice work if you can get it.

On The Other Hand…

Meanwhile, I recently achieved ISO 27001 certification for a local business for less than £6000. This included certification by a leading independent body. Was this “ISO 27001-lite”? No. Did I skip over anything? No. So what was different?

Why Is ISO 27001 So Important Anyway?

However, just to make sure we understand each other, what is ISO 27001? It’s an ISO Standard intended to implement and maintain an IT and Information Security System in a business. Before you ask, yes, you most definitely need it. In case you need to know, here’s why.

Ransomware attacks, customer database hacking, spoofing, virus infections. It’s a hot topic. Local criminals may try and steal your safe or computers. However, your biggest business threat may well come from another continent. Sadly, a burglar alarm won’t help. Furthermore, some organisations will demand that you hold ISO 27001 before even thinking about trading with your company.

Economical Versus “Cheap”

Back to costs. If we are not cutting corners, then why will we be economical (but not “cheap”)?

Firstly, we create and implement the system ourselves. There are no large commissions in the fees for brokers, middle-men, agencies, etc. We have the competence and proven experience in-house, and commit to create a fully compliant system for you first time . We even give a guarantee on a first-time pass. If we fail (which we never have) we will work for you free of charge until you do. We are a lean and focused organisation.

Smarter Versus Wordier

Furthermore, we “work smart”. Our senior consultant was a former auditor with a major certification body. This is the equivalent of your driving instructor being a former driving test examiner. We understand ISO systems and certification requirements from the auditor’s side. This means that we create lean and bespoke systems. Furthermore, We do not create tonnes of documents, hoping that the auditor will be impressed. In a previous corporate quality role, our senior consultant had to read systems by many “world-leading companies”. Many were infected with heavily documented procedures and systems which appear to have been generated by consultants on a “paid by the number of words” basis.

Less is More. It Also Works.

Weighty and pointless procedures waste time, and hence money. Also, concise, easy-to-understand ISO 27001 Certification documents tend to win favour with employees, and have more chance of being followed. Additionally, simple and effective systems have less risk of potential audit failure.

Next?

How Much Does ISO 27001 Certification Cost? Agreed, we haven’t really answered the “cost” question in hard figures ? Our costs will be based on your company, which is, of course, unique among companies.

Like a bespoke suit, it needs to fit but measurements must be taken. This leads me to the next stage – if you like the sound of our approach, maybe it’s time to get together, find out about your enterprise, and come up with a solution. We would love to hear from you.

Share This