Analysis with each standard and implementation

I'm assuming you want to know what you need to evaluate to know how to charge for a diagnostic against a standard and for its implementation.

Considering that, when acting as a consultant, you normally charge per hour or per day - for a diagnostic against a standard it is usually per day, and for standard implementation, it is usually per hour.

To calculate the amount of time you'll need for a diagnostic, you have to know the following:

• Are you going to perform the interviews with all the department heads, or are they going to fill out the diagnostic sheets themselves
• Are you going to perform a deep analysis of documentation and controls or not

To calculate the amount of time you'll need for implementation, you have to know the following:

• Are you going to perform an active role in the implementation, or are they going to  act as a support role
• Are you going to participate in determining the security controls, or will the client do this on their own
• Which documents should you write

By the way, as part of our ISO 27001 Consultant Toolkit https://advisera.com/27001academy/consultants/ you'll find a document called "Division of tasks & time plan" which describes all the implementation tasks in more detail, together with the expected timing for each.

In the book Secure & Simple you'll find a detailed explanation of the steps in the implementation: https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/

This article may also help you:

• 3 phases of delivering an ISO 27001/ISO 22301 consulting job https://advisera.com/27001academy/blog/2015/09/28/3-phases-of-delivering-an-iso-27001iso-22301-consulting-job/