Expert Advice Community


ISO 27001 implementation and budget

Guest user Created:   Oct 08, 2019 Last commented:   Oct 08, 2019

ISO 27001 implementation and budget

I'm working for a university project, the subject is to price the security of a company whose main business is to give advice on cybersecurity. This company is located in 6 different nation (XYZ) with a total of 740 employees with the HQ in XYZ. I m aware that ISO 27001 is a main criteria today for a company because it can provide you some guidelines on what to protect and allows you to gain the audience thanks to the certification. But my main concern is to understand how to implement it?

Where should I start with this certification, I mean I have a budget of XYZ USD and the main focus should be the protection of the confidential data. By seeking information on internet I can not gather enough information on the budget that I should enable for the company.

0 0

Assign topic to the user


Step-by-step implementation for smaller companies.


Step-by-step implementation for smaller companies.

Rhand Leal Oct 08, 2019

Regarding ISO 27001 implementation, after getting support for your project (through approval of the ISMS project plan) and approval of the Procedure for Document and Record Control, you should consider these steps:

  • defining ISMS basic framework (e.g., scope, objectives, organizational structure), by understanding the organizational context and requirements of interested parties
  • development of risk assessment and treatment methodology
  • perform risk assessment and define the risk treatment plan
  • controls implementation (e.g., policies and procedures documentation, acquisitions, etc.)
  • people training and awareness
  • controls operation
  • performance monitoring and measurement
  • perform internal audit
  • perform management critical review
  • address nonconformities, corrective actions, and opportunities for improvement.

This article will provide you further explanation about ISMS implementation:
- ISO 27001 implementation checklist

These materials will also help you regarding ISO 27001 implementation:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own
- ISO 27001:2013 Foundations Course

About implementation costs, there are a significant number of variables to be considered when estimating an implementation cost, so without more detailed information, it's not possible to precise a value. What I can tell you are some cost issues you should consider:

  • Training and literature
  • External assistance
  • Technologies to be updated/implemented
  • Employee's effort and time
  • The certification process

Regarding ISMS maintenance costs, the above-mentioned costs also have to be considered, but at different levels, and you have to add the surveillance audit costs for certification maintenance.

These articles can provide you more information:
- How much does ISO 27001 implementation cost?
- 5 ways to avoid overhead with ISO 27001 (and keep the costs down)
- How to Budget an ISO 27001 Implementation Project

0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 08, 2019

Oct 08, 2019

Suggested Topics

Guest user Created:   Aug 08, 2018 ISO 27001 & 22301
Replies: 1
0 0

CISO role