Solutions The best route to security compliance
Platform A powerful suite of ISMS features
Resources Everything you need to know
Knowledge Base Learn more about infosec
Company Security and customers first

ISO 27001 Certification Cost

How much does ISO/IEC 27001 cost? It's one of the most searched-for questions about the standard. Team Hicomply looks at the different ways you can achieve certification for your organisation.

This is the most commonly-searched query about ISO/IEC 27001 (also written as ISO 27001), so you're not alone in asking!

Recent Gartner research shows 88% of company boards now view cybersecurity as a business risk, leading to huge demand for information security certification. In 2021, as many as 58,687 ISO 27001 certificates were issued globally – but there’s still the perception that it can be expensive and time consuming.

We have set out the many benefits of obtaining ISO 27001:

  • Competitive advantage through tenders
  • Strategic business growth and funding
  • Reducing risk
  • Building a cyber reputation, culture and posture

So how much does ISO 27001 certification cost? Depending on the route you take and the technology you use, the cost can range from as little as £21k to as much as £84k.

The ISO 27001 Certification Process

ISO 27001 is at least a 10-stage process, and each stage includes a different set of costs.

ISO 27001 certification process

Routes to certification

There are four routes you can take to certification. Using a 25-employee business as an example, the options and costs are as follows (all options assume external consistent audit costs by an independent auditor):

Route 1: 100% in-house staff, using Hicomply software platform

Investing in a GRC software platform like Hicomply will reduce employee time by 75%. Automate evidence collection, streamline asset registers & risk assessments, deliver pre-written templates for policies and procedures, and manage tasks within the platform. Our integrations features allow you to maintain compliance while you work.

An approved Hicomply Partner auditor can also audit you remotely at a reduced cost. The total first year cost would be around £21,000.

Cost: £21,000

Route 2: Hybrid option. In-house staff supported by consultant, using Hicomply software platform

This option a hybrid of in-house, consultants and technology, is the second-lowest cost at around £30,000.

Cost: £30,000

Route 3: 100% outsourced consultant, using Microsoft templates

Hiring a consultant who uses their own content will be the second most expensive option at around £60k in total Consultant fees are generally £30,000-£50,000. Using a consultant means your staff can focus on their day jobs, although there is still some staff time required throughout the process.

Cost: £30,000-£50,000

Route 4: 100% in house staff, using Microsoft templates

In theory, this may seem like the cheapest route. However when you add in the full cost of your employees’ time, it can actually be the most expensive route. Factoring external audit costs and a cost of £300 per day (£78k/year for a skilled information security analyst) you’re looking at £84,000 to obtain certification.

Cost: £84,000

The ISO 27001 External Audit Costs

The stages of an external audit are as follows:

  • Initial certification audit – Stage 1 and 2 Audits, £3k – £17k
  • Stage 1 is the documentation audit, and stage 2 is the certification audit
  • Periodic surveillance audits - at 12-month intervals £1K – £6k
  • Re-certification audits conducted every 3 years.

Since mid 2020, the IAF has permitted remote audits which allows platforms such as Hicomply to be audit friendly.

Cost Breakdown Of The Different Routes


External audits are in all cases by 3rd party consultant


Staff cost


Consultant - Content

Consultant - Internal Audit

External Audit (Year 1)

ISMS Content

Tools / Templates / Software Platform

Year 1 Cost

Route 1: 100% in-house staff | using Hicomply software platform


0.5 days per week




Reduced Hicomply partner fee



Route 2: Hybrid option | in-house staff supported by consultant | using Hicomply software platform


0.5 days per week






Route 3: 100% outsourced consultant | using Microsoft templates


1 day per week






Route 4 : 100% in-house staff | using Microsoft templates







What Will ISO 27001 Cost Your Company?

Team Hicomply has helped hundreds of companies in on the journey to compliance.

Book a demo or get in touch to learn more about the cost of ISO/IEC 27001 for your company.