Asking what it costs to implement ISO27001 in your organisation is a bit like asking how long a piece of string is. However, it is possible to get a rough estimate of the cost; you just need to know what to look at.
Back to the string analogy.
If you need to connect two objects together that are 100m apart, you’d need 100m of string.
Now let’s say those objects are only 50m apart: you’d need 50m of string.
The bigger the distance, the longer the string.
The same logic applies to ISO27001: the bigger the organisation, the more it’s going to cost. There are, of course, other factors that you need to consider, such as:
- Number of offices
- Current resources available (in house knowledge)
- Which certification body is used
- Time restrictions
When looking for examples of ISO27001 implementation, you need to look at similar organisations. If you’re an organisation of 10 employees operating out of one office, it’s no use looking at organisations of 100 employees with 3 offices, because their cost is likely to be around £20-25k.
Instead, you want to look at organisations such as Workforce Metrics, an SME that recently achieved ISO 27001 certification-readiness for under £5,000, with total costs (including the certificate) coming in at under £7,000.
You can learn more about Workforce Metrics and their story in the short video below.