The cost of certification depends mainly on the number of people (FTE) working “under the organization’s control”. This includes both internal and external (subcontracted) employees.
Accredited certification bodies base their calculation on the audit time chart defined in ISO 27006:2015. At an average cost of € 1500 per day (in Europe), the table below gives a good indication.
| People (FTE) | Audit days (min-max) | Cost of certification (€) |
|---|---|---|
| 1-10 | 3.5-5 | 5250-7500 |
| 11-15 | 4-6 | 6000-9000 |
| 16-25 | 5.5-7 | 7500-10500 |
| 26-45 | 6-8.5 | 9000-12750 |
| 46-65 | 7-10 | 10500-15000 |
| 66-85 | 8-11 | 12000-16500 |
| 86-125 | 8.5-12 | 12750-18000 |
The lower end of the estimate can be achieved if the certification body has reason to believe the ISMS is not too complex or has demonstrated previous performance, both of which are the case when you are using Instant 27001!