The concept is fine, but things are getting complicated when it comes to implementation. You would have to convince your direction if you are not in top management yourself that ISO 27001 is actually needed in your business. Management is overloaded with deadlines and obligations and it is not possible that they want to undertake another job. At first sight, it might seem that this paperwork should not cost too much, but soon you find that you need to pay for the adviser, purchase literature, train your workers, invest in equipment and software, cover certification etc.
In case you have got a consultant that is frank, he or she will tell you that it is inadequate to get a consultant to provide you but you have to try tough to customize the documentation based on your situation. However, it does not stop here – the adviser tells you really need to do exactly what the documentation (and the standard) let you do. And it is a permanent obligation, not an endeavor. So you come to your coworkers and inquire how the task would divide for running and implementing ISO 27001 and they start talking about something different. Worse, you may ask management to hire. You end up being appointed Project supervisor forĀ iso 27001 training with nearly or little budget, with direction that needs the certificate as soon as possible after the job has started and a staff that does not actually need to bother with information security.
The Price of certification
If you want to get public Evidence that you have complied with ISO 27001, the certification body will need to perform a certification audit – the cost will depend on the amount of person days they will spend doing the job, ranging from under 10 man days for smaller businesses up to a few dozen individual days for bigger organizations. The expense of man day depends upon the local market. You need to be very careful not to underestimate the real cost of ISO 27001 jobs – if you do, your direction will begin taking a look at your job in a negative light. On the other hand, forecasting all prices correctly will reveal your level of professionalism; and do not forget – you always need to present both the price and the benefits.