ISO 27001 and GDPR Implementation

1. ISO 27001 foundation course;
2. ISO 27001 internal auditor course;
3. EU GDPR foundations course; and
4. EU GDPR Data Protection Officer course.

Therefore, I appreciate to have a response on the following questions:

1. How many months or years does it take to implement both standard as an integration?
2. Could a small-mid size company as a Data Center meet compliance in 5 months with 1 person doing the project?

Answer: For both questions, the time to implement ISO 27001 will depend on many variables, like the size of the organization, the complexity of the scope, the resources available (including people doing the project), etc., but in general, for small and medium-sized organizations the implementation duration, can vary from 3 to 12 months. When considering an integrated implementation with GPDR, you should consider 10% to 20% more time, specificity of the GDPR.

To have an estimate based on your organization context, I s uggest you to take a look at our free ISO 27001/ISO 22301 Duration Calculator at this link: https://advisera.com/27001academy/free-tools/free-calculator-duration-of-iso-27001-iso-22301-implementation/

These articles will provide you further explanation about ISO 27001 and GDPR implementation:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/
- How to implement integrated management systems https://advisera.com/articles/how-to-implement-integrated-management-systems/

These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/