My queries: (1) How many Months of Data/Records of implementation is needed for the ISO27001 Certification,
and (2) What is the usual Timeline for the ISO27001 Certification from preparations, training, Stage1, Stage 2 Certification.
(1) How many Months of Data/Records of implementation is needed for the ISO27001 Certification,
Answer: Please note that ISO 27001 does not require a minimum period of data/records (i.e., a minimum period of the ISMS operation before the certification), however, some certification bodies do have such requirements, and some don't. Therefore, you should speak to the certification body you have chosen and see what criteria they have.
(2) What is the usual Timeline for the ISO27001 Certification from preparations, training, Stage1, Stage 2 Certification.
Answer: Please note that “preparations and training” means the implementation and operation of the Information Security Management Systems. For small and midsize organizations the implementation time frame can vary from 3 to 18 months, depending upon the size and complexity of the ISMS scope.
Regarding the certification audit, the total days to complete a certification audit (i.e., stages 1 and 2) will depend on the defined ISMS scope (e.g., number of locations, number of employees, etc.), so without detailed information, we cannot provide a precise answer for your case.
For small companies the Stage 1 and Stage 2 audits will usually take ca 5 days. These two audits can take place 2 weeks to 2 months apart.