Telephone +44 (0)1799 506151 for further information
ISO 27001 - likely costs
Four costs need to be considered when implementing
this type of project.
- Internal resources - the system covers a wide
range of business functions - management, HR, IT, facilities & security.
These resources will be required during the implementation of an ISMS.
- Consultancy resources - an experienced consultant
will save a huge amount of time, and will often challenge you on the
implications of the controls you select. They will also prove a useful
tool during internal audits, where our independence and Lead Auditor status
will ensure a smooth transition towards certification. Contact us and we can
give you a better picture of our costs. Typically look for 20-30 days' work
at similar rates to other IT consultants / professional services.
- Certification costs - only a few certification
bodies currently assess companies against ISO 27001, but fees are not much
more than against other standards, e.g. ISO 9001 or ISO 14001.
- Implementation costs - this cannot be estimated
by us. If, as a result of a risk assessment or audit, a gap appears in
your system and you feel the best way to address the risk is to buy a
better firewall, for example, it could be construed as an implementation
cost.
Does implementing ISO 27001 force you to implement
retina eye scans in order to access the office kitchen?
No. Your perception of risk, and how much risk you
are prepared to accept, is what will drive your implementation costs, if it
hasn't affected the way you do business already. Remember, there is almost
always more than one way to treat or mitigate a risk.