How much does it cost to certify ISO 27001?
The cost to certify ISO 27001 after implementation varies from organization to organization, depending on the size of the scope of registration, including the number of locations. Most registrars calculate their costs based on audit days, so the larger the scope and the more locations, the higher the cost. Quotes from certification bodies typically cover a 3-year period, which includes a full audit (stage 1 and 2) in the 1st year and a smaller annual surveillance audit in years 2 and 3. Costs can range from as low as $6,000 for a small scope with one location to over $50,000 for a large organization with a large scope and many locations worldwide. Surveillance audits in years 2 and 3 typically cost around half to one-third of the 1st year full audit.