The cost of ISO 27001 certification

The cost of ISO 27001 certification can be broken down into several components. The estimates below are given for a company with around twenty employees and a relatively uncomplicated product or organization.

  • The cost of certification itself (certification body):

Over each 3-year period, the cost of the various certifier interventions (initial, surveillance and renewal audits) is €10-15k. (As a reminder, the certification cycle for any ISO standard is 3 years.)

  • The cost of time spent setting up:

This is the hourly cost of staff dedicated to implementing the ISMS.

During the critical phases at the beginning of the project (2 months) and at the end of the project (2 months), the project manager's work represents between 1 and 2 man-days per week. During the project monitoring and coordination phases, the project manager's workload amounts to 1 man-day per week.

You can also choose to be less involved by delegating a large part of the work to an external consultant who acts as both project manager and consultant/trainer.

  • Cost of ISO support and training:

The cost of ISO 27001 certification inevitably varies with the size of the company: it could double for a 150-person business compared with a 10-person SME.

It also varies with the scope chosen and the tasks entrusted to the project manager (training, consultancy, white audit (a mock audit run before the certification audit), formalization of procedures).

For an SME of 20 people, this cost can range from €25k to €45k. The average cost is around €30k.
