
Typical ISO 27001 certification costs

When budgeting for an ISO 27001 project, it’s important to take certification costs into account as well as the actual cost of implementing the Standard.

Having prepared hundreds of organisations for ISO 27001 certification over the last 15 years, IT Governance suggests you budget the following amounts to cover the cost of the initial certification audit – there will be further audit costs over the duration of the three-year certification period.

The actual fee charged will depend on the certification body (CB) you appoint and the risk it associates with your information security management system, but you could use the following table as a guide*:

Number of employees    Estimated certification cost
<19                    £1,990
20-49                  £2,985
50-99                  £4,975
100-249                £6,965
250-499                £7,960
500-999                £8,955
1000-4999              £10,945
5000+                  £12,935


*Please note: the information provided is for guidance purposes only and should not be taken as definitive. These costs are based on our experience and your chosen CB’s costs may differ. The above amounts do not include fees incurred after the initial certification audit and are based on a positive recommendation at the Stage 2 audit.

With fixed-price packages for implementing the Standard and guidance on typical certification costs, it is now easier to calculate your budget requirements and build a business case for achieving ISO 27001 certification.
