1. ISO 27001 foundation course;
2. ISO 27001 internal auditor course;
3. EU GDPR foundations course; and
4. EU GDPR Data Protection Officer course.
Therefore, I would appreciate a response to the following questions:
1. How many months or years does it take to implement both standards as an integration?
2. Could a small-to-mid-size company, as a Data Center, meet compliance in 5 months with 1 person doing the project?
Answer: For both questions, the time to implement ISO 27001 will depend on many variables, like the size of the organization, the complexity of the scope, the resources available (including people doing the project), etc., but in general, for small and medium-sized organizations the implementation duration can vary from 3 to 12 months. When considering an integrated implementation with GDPR, you should consider 10% to 20% more time, due to the specificity of the GDPR.