Analysis with each standard and implementation
Como se evalúa para hacer el cobro por el análisis con cada norma y la implementación
Assign topic to the user
I'm assuming you want to know what you need to evaluate to know how to charge for a diagnostic against a standard and for its implementation.
Considering that, when acting as a consultant, you normally charge per hour or per day - for a diagnostic against a standard it is usually per day, and for standard implementation, it is usually per hour.
To calculate the amount of time you'll need for a diagnostic, you have to know the following:
- Are you going to perform the interviews with all the department heads, or are they going to fill out the diagnostic sheets themselves
- Are you going to perform a deep analysis of documentation and controls or not
To calculate the amount of time you'll need for implementation, you have to know the following:
- Are you going to perform an active role in the implementation, or are they going to act as a support role
- Are you going to participate in determining the security controls, or will the client do this on their own
- Which documents should you write
By the way, as part of our ISO 27001 Consultant Toolkit https://advisera.com/27001academy/consultants/ you'll find a document called "Division of tasks & time plan" which describes all the implementation tasks in more detail, together with the expected timing for each.
In the book Secure & Simple you'll find a detailed explanation of the steps in the implementation: https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
This article may also help you:
- 3 phases of delivering an ISO 27001/ISO 22301 consulting job https://advisera.com/27001academy/blog/2015/09/28/3-phases-of-delivering-an-iso-27001iso-22301-consulting-job/
Comment as guest or Sign in
Jul 29, 2020