
How Much Does ISO 27001 Certification Cost?

This is the most commonly-searched query about ISO/IEC 27001 (also written as ISO 27001), so you're not alone in asking!

Recent Gartner research shows 88% of company boards now view cybersecurity as a business risk, leading to huge demand for information security certification. In 2021, as many as 58,687 ISO 27001 certificates were issued globally – but there’s still the perception that it can be expensive and time consuming.

We have set out the many benefits of obtaining ISO 27001:

  • Competitive advantage through tenders
  • Strategic business growth and funding
  • Reducing risk
  • Building a cyber reputation, culture and posture

So how much does ISO 27001 certification cost? Depending on the route you take and the technology you use, the cost can range from as little as £21k to as much as £84k.

The ISO 27001 Certification Process

ISO 27001 is at least a 10-stage process, and each stage includes a different set of costs.

[Figure: ISO 27001 certification process]

Routes to certification

There are four routes you can take to certification. Using a 25-employee business as an example, the options and costs are as follows (all options assume consistent external audit costs by an independent auditor):

Route 1: 100% in-house staff, using Hicomply software platform

Investing in a GRC software platform like Hicomply will reduce employee time by 75%. Automate evidence collection, streamline asset registers and risk assessments, deliver pre-written templates for policies and procedures, and manage tasks within the platform. Our integration features allow you to maintain compliance while you work.

An approved Hicomply Partner auditor can also audit you remotely at a reduced cost. The total first year cost would be around £21,000.

Cost: £21,000

Route 2: Hybrid option. In-house staff supported by consultant, using Hicomply software platform

This option, a hybrid of in-house staff, consultants and technology, is the second-lowest cost at around £30,000.

Cost: £30,000

Route 3: 100% outsourced consultant, using Microsoft templates

Hiring a consultant who uses their own content will be the second most expensive option at around £60k in total. Consultant fees are generally £30,000-£50,000. Using a consultant means your staff can focus on their day jobs, although there is still some staff time required throughout the process.

Cost: £30,000-£50,000

Route 4: 100% in-house staff, using Microsoft templates

In theory, this may seem like the cheapest route. However, when you add in the full cost of your employees’ time, it can actually be the most expensive route. Factoring in external audit costs and a staff cost of £300 per day (£78k/year for a skilled information security analyst), you’re looking at £84,000 to obtain certification.

Cost: £84,000

The ISO 27001 External Audit Costs

The stages of an external audit are as follows:

  • Initial certification audit – Stage 1 and 2 audits, £3k – £17k
  • Stage 1 is the documentation audit, and Stage 2 is the certification audit
  • Periodic surveillance audits – at 12-month intervals, £1k – £6k
  • Re-certification audits – conducted every 3 years

Since mid-2020, the IAF has permitted remote audits, which allows platforms such as Hicomply to be audit-friendly.

Cost Breakdown Of The Different Routes

External audits are in all cases by a 3rd party consultant. Internal staff cost is calculated at £300/day.

| Route | Internal Staff cost (£300/day) | Consultant - Content | Consultant - Internal Audit | External Audit (Year 1) | ISMS Content: Tools / Templates / Software Platform | Year 1 Cost |
|---|---|---|---|---|---|---|
| Route 1: 100% in-house staff, using Hicomply software platform | £7.2k (0.5 days per week) | n/a | £0k | £5k (reduced Hicomply partner fee) | £9.6k | £21.8k |
| Route 2: Hybrid option, in-house staff supported by consultant, using Hicomply software platform | £7.2k (0.5 days per week) | n/a | £3k | £10k | £10k | £30.2k |
| Route 3: 100% outsourced consultant, using Microsoft templates | £14.4k (1 day per week) | £25k | £5k | £10k | £5k | £59.4k |
| Route 4: 100% in-house staff, using Microsoft templates | £72k | n/a | n/a | £10k | £2k | £84k |

What Will ISO 27001 Cost Your Company?

Team Hicomply has helped hundreds of companies on the journey to compliance.

Book a demo or get in touch to learn more about the cost of ISO/IEC 27001 for your company.
