Questions about certification

1. How many organizations implemented ISO 27001 and got certificated?

There is no way to rise information about how many organizations implemented ISO 27001 since it is not mandatory for organizations to publicize that they adopted practices of this standard.

Regarding information about ISO 27001 certified organizations, unfortunately, there is no central list of certified organizations (you must consult each certification body to track which companies are certified by them).

However, the ISO site provides an ISO survey where you can find general information about certifications, like total quantity, quantity per country, quantity industry, etc. It does not nominate organizations.

You can find this survey at this link: https://isotc.iso.org/livelink/livelink?func=ll&objId=18808772&objAction=browse&viewType=1

According to this survey, in 2018 we had a total of 31910 ISO 27001 certified organizations around the world.

2. How long to get ISO 27001 certification?

The duration of the implementation project varies according to many variables (e.g., available resources, experience with standard's requirements, top management involvement, etc.), but for small and medium-size organizations the implementation generally varies from 3 to 12 months.

To get an insight into the time duration for your organization, please access our ISO 27001/ISO 22301 Implementation Duration Calculator at this link: https://advisera.com/27001academy/free-tools/free-calculator-duration-of-iso-27001-iso-22301-implementation/

This article will provide you a further explanation about the implementation process:
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

3. How much cost for ISO 27001 certification?

There are a significant number of variables to be considered when estimating an implementation cost, so without more detailed information, it's not possible to precise a value. What I can tell you are some cost issues you should consider:
- Training and literature
- External assistance
- Technologies to be updated/implemented
- Employee's effort and time
- The certification process

Regarding ISMS maintenance costs, the above-mentioned costs also have to be considered, but at different levels, and you have to add the surveillance audit costs for certification maintenance.

These articles can provide you more information:
- How much does ISO 27001 implementation cost? https://advisera.com/27001academy/blog/2011/02/08/how-much-does-iso-27001-implementation-cost/
- 5 ways to avoid overhead with ISO 27001 (and keep the costs down) https://advisera.com/27001academy/blog/2012/06/19/5-ways-to-avoid-overhead-with-iso-27001-and-keep-the-costs-down/
- How to Budget an ISO 27001 Implementation Project https://info.advisera.com/27001academy/free-download/how-to-budget-an-iso-27001-implementation-project/