ISO 27001 Consultant effort

1 -Would you be expected to be on site for the full 5 months? I would think this is very restrictive with regards to taking on more clients

Answer: It will depend upon your role in the implementation. Will you be responsible for elaborating and implementing policies and procedures, or will you provide support and orientation to your client team?

If your situation is the first one, you will probably have to be on site once or twice a week throughout the 5-month period.

If your role falls in the second scenario you probably will have to be on site only a few times to verify on-site implementations and orient the implementation team. But be aware that at the beginning of the project you will spent a lot of time on site to get things running.

2 - If you don’t have to be on site for the full 5 months, on average, how many days would you be expected to be on site? Of course, I understand that this would be dependent on scope and possibly work req uired as part of the risk treatment plan , but I am hoping you could give guidance from experience.

Answer: Since the project duration is only 5 months, I would recommend you to be on site from 2 or 3 days every 15 days. During this time you can verify the implemented controls, suggest and plan adjustment, prepare the team for the next phase, and most important of all, talk personally with management to report the project progress and get their feelings about the project.

3 - If you do not have to be on site for the full 5 months, do you/have you taken on more than one implementation at once? If so, how do you manage your time? (do you use a tool (e.g. MS Project), an assistant, or possibly a simple timetable)

Answer: The quantity of projects you can manage at same time will depend upon your need to be on site and the distance between sites. As a personal rule, I try to keep from 2 to 4 simultaneous projects where there is a need to be on site, so that in perfect conditions I can dedicate at least one day a week for each of them. If you work remotely this quantity may be greater. And regarding remote work, I suggest you take a look at our online ISO Tool, Conformio https://advisera.com/conformio/ , which can help you manage your projects.

These articles will provide you further explanation about consultant effort:
- 3 phases of delivering an ISO 27001/ISO 22301 consulting job https://advisera.com/27001academy/blog/2015/09/28/3-phases-of-delivering-an-iso-27001iso-22301-consulting-job/
- How to become an ISO 27001 / ISO 22301 consultant https://advisera.com/27001academy/blog/2014/07/21/how-to-become-an-iso-27001-iso-22301-consultant/

Additionally, I suggest you take a look at our Consultant toolkit https://advisera.com/27001academy/consultants/ . As part of the templates you can use to manage your consultation projects and stakeholder you are eligible to get continuous support from us throughout your implementation consultancies.

These materials will also help you regarding consultant effort:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/