
ISO 27001 Certification Cost

How much does ISO/IEC 27001 cost? It's one of the most searched-for questions about the standard. Team Hicomply looks at the different ways you can achieve certification for your organisation.

This is the most commonly-searched query about ISO/IEC 27001 (also written as ISO 27001), so you're not alone in asking!

Recent Gartner research shows 88% of company boards now view cybersecurity as a business risk, leading to huge demand for information security certification. In 2021, as many as 58,687 ISO 27001 certificates were issued globally – but there’s still the perception that it can be expensive and time consuming.

We have set out the many benefits of obtaining ISO 27001:

  • Competitive advantage through tenders
  • Strategic business growth and funding
  • Reducing risk
  • Building a cyber reputation, culture and posture

So how much does ISO 27001 certification cost? Depending on the route you take and the technology you use, the cost can range from as little as £21k to as much as £84k.

The ISO 27001 Certification Process

ISO 27001 is at least a 10-stage process, and each stage includes a different set of costs.

[Figure: ISO 27001 certification process]

Routes to certification

There are four routes you can take to certification. Using a 25-employee business as an example, the options and costs are as follows (all options assume the same external audit costs, charged by an independent auditor):

Route 1: 100% in-house staff, using Hicomply software platform

Investing in a GRC software platform like Hicomply will reduce employee time by 75%. Automate evidence collection, streamline asset registers and risk assessments, use pre-written templates for policies and procedures, and manage tasks within the platform. Our integration features allow you to maintain compliance while you work.

An approved Hicomply Partner auditor can also audit you remotely at a reduced cost. The total first year cost would be around £21,000.

Cost: £21,000

Route 2: Hybrid option. In-house staff supported by consultant, using Hicomply software platform

This option, a hybrid of in-house staff, consultants and technology, is the second-lowest cost at around £30,000.

Cost: £30,000

Route 3: 100% outsourced consultant, using Microsoft templates

Hiring a consultant who uses their own content will be the second most expensive option at around £60k in total. Consultant fees are generally £30,000-£50,000. Using a consultant means your staff can focus on their day jobs, although some staff time is still required throughout the process.

Cost: £30,000-£50,000

Route 4: 100% in house staff, using Microsoft templates

In theory, this may seem like the cheapest route. However, when you add in the full cost of your employees’ time, it can actually be the most expensive route. Factoring in external audit costs and a staff cost of £300 per day (£78k/year for a skilled information security analyst), you’re looking at £84,000 to obtain certification.

Cost: £84,000

The ISO 27001 External Audit Costs

The stages of an external audit are as follows:

  • Initial certification audit – Stage 1 and Stage 2 audits, £3k – £17k (Stage 1 is the documentation audit; Stage 2 is the certification audit)
  • Periodic surveillance audits – at 12-month intervals, £1k – £6k
  • Re-certification audits – conducted every 3 years

Since mid-2020, the IAF has permitted remote audits, which allows platforms such as Hicomply to be audit-friendly.

Cost Breakdown Of The Different Routes

External audits are in all cases carried out by a 3rd-party auditor. Internal staff cost is calculated at £300/day.

| Route | Internal staff cost (£300/day) | Consultant – Content | Consultant – Internal Audit | External Audit (Year 1) | ISMS Content / Tools / Templates / Software Platform | Year 1 Cost |
|---|---|---|---|---|---|---|
| Route 1: 100% in-house staff, using Hicomply software platform | £7.2k (0.5 days per week) | n/a | £0k | £5k (reduced Hicomply partner fee) | £9.6k | £21.8k |
| Route 2: Hybrid option, in-house staff supported by consultant, using Hicomply software platform | £7.2k (0.5 days per week) | n/a | £3k | £10k | £10k | £30.2k |
| Route 3: 100% outsourced consultant, using Microsoft templates | £14.4k (1 day per week) | £25k | £5k | £10k | £5k | £59.4k |
| Route 4: 100% in-house staff, using Microsoft templates | £72k | n/a | n/a | £10k | £2k | £84k |

What Will ISO 27001 Cost Your Company?

Team Hicomply has helped hundreds of companies on the journey to compliance.

Book a demo or get in touch to learn more about the cost of ISO/IEC 27001 for your company.