Estimating the price for risk assessment
Answer:
When acting as a consultant, you normally charge per hour or per day - for risk assessment jobs it is usually per day. To calculate the amount of time you'll need for your job, you have to know the following:
- Are you going to perform the interviews with all the department heads, or are they going to fill out the risk assessment sheets themselves?
- Are you going to participate in determining the security controls, or will the client do this on their own?
- Which other documents should you write?
By the way, as part of our ISO 27001 Consultant Toolkit https://advisera.com/27001academy/consultants/ you'll find a document called "Division of tasks & time plan" which describes all the tasks in more detail, together with the expected timing for each.
In my book Secure & Simple you'll find a detailed explanation of the risk assessment process: https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
This article may also help you: 3 phases of delivering an ISO 27001/ISO 22301 consulting job https://advisera.com/27001academy/blog/2015/09/28/3-phases-of-delivering-an-iso-27001iso-22301-consulting-job/
Jul 08, 2016