I'm assuming you want to know what you need to evaluate to know how to charge for a diagnostic against a standard and for its implementation.
Consider that, when acting as a consultant, you normally charge per hour or per day: for a diagnostic against a standard it is usually per day, and for standard implementation it is usually per hour.
To calculate the amount of time you'll need for a diagnostic, you have to know the following:
Are you going to perform the interviews with all the department heads, or are they going to fill out the diagnostic sheets themselves?
Are you going to perform a deep analysis of documentation and controls or not?
To calculate the amount of time you'll need for implementation, you have to know the following:
Are you going to perform an active role in the implementation, or are they going to act as a support role?
Are you going to participate in determining the security controls, or will the client do this on their own?