Certification costs

Answer: The main certification's costs area are related to the size of the scope and the controls to be implemented, so I suggest you to verify if the scope size is appropriated to the organization's objectives for the ISMS and which are the risks levels the organization is willing to accept (the more risk taken, the less controls will be regarded as necessary). A smaller scope and less controls to be implemented will also reduce the implementation time. During implementation, a way to shorten the time is to implement some normally sequential controls at same time (e.g. information classification and back up). But please note that these alternatives should be well weighte d considering the risks of your implemented system ends up lacking the capacity to work properly.

To help you validate you implementation duration estimative, try our Free Calculator – Duration of ISO 27001/ISO 22301 Implementation (https://advisera.com/27001academy/free-tools/free-calculator-duration-of-iso-27001-iso-22301-implementation/)

This article will provide you further explanation about reducing ISMS costs:
- 5 ways to avoid overhead with ISO 27001 (and keep the costs down) https://advisera.com/27001academy/blog/2012/06/19/5-ways-to-avoid-overhead-with-iso-27001-and-keep-the-costs-down/

These materials will also help you regarding implementing an ISMS:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
- How to Budget an ISO 27001 Implementation Project https://info.advisera.com/27001academy/free-download/how-to-budget-an-iso-27001-implementation-project