I am currently researching the topic of ISO 27001, as our number of institutional clients is increasing.
I would be interested in some information regarding the standard, so I would be very grateful if you could take some time to help me with the following questions:
1. I looked at the phases of standards from Planning, Implementation, Verification and Further Improvements. I wonder how long on average full implementation and verification takes?
2. Where are and what are our potential financial costs?
3. At what stage would the Auditor come and is this something you could do for us? (Also, I'm interested in the fee for that)
4. Any PDF resource would be great, which could describe the whole process in more detail. So if you have something similar, please send it to me.
5. Since we are just starting to look at the standard, we do not have too much prior knowledge, so please add anything that you think is important and that I failed to ask about.