ISO 27001 certification
Set up and certify a structured ISMS: build trust with clients and partners, and get a firm grip on information security.
Why do organisations choose ISO 27001 certification?
Trust with clients and partners
More and more organisations require ISO 27001 for collaborations or tenders. With ISO 27001 you show that your company takes information security seriously.
Always up to date with ISO 27001
ISO 27001 was updated in 2022. The latest version aligns better with current risks such as remote working, working in the cloud, and privacy challenges.
Structure and control
ISO 27001 helps organisations keep security manageable. The ISMS encourages continuous evaluation, so security is not a one-off snapshot but becomes embedded in your organisation.
What is involved in ISO 27001 implementation?
Implementing ISO 27001 means setting up an Information Security Management System (ISMS). That may sound complex, but in practice it mainly means defining clear rules around information security and applying them.
The main steps are clearly defined:
Define scope
Clearly determine which parts of your organisation fall under the certificate. This prevents ambiguity later in the process.
Perform risk analysis
Carry out a clear risk analysis and determine which measures are needed. This forms the heart of your security system.
Policies and procedures
Write practical documents that align with the day-to-day practice of your organisation. Make sure these documents are understandable to everyone.
Training and awareness
Train your staff so they understand why security matters and what is expected of them for the measures to succeed. This builds support within the organisation.
Internal audit and certification
Conduct internal audits in preparation for the external audit. This ensures your organisation is fully prepared for certification.
What does ISO 27001 certification cost approximately?
An ISO 27001 certification consists of several components and never comes with a fixed price tag. There are internal costs (hours), certification costs, and possible software costs. Total costs depend on various factors that influence each other.
The table below gives an indication of the costs for an organisation to become ISO 27001 certified. Note: these are indicative costs.
| Type of organisation | FTE | IT/process complexity | Costs |
|---|---|---|---|
| Small-scale service provider | 10–25 | Low (simple processes, on-prem) | €7,000 – €12,000 |
| Medium service provider | 25–50 | Medium (cloud, CI/CD, API integrations) | €10,000 – €15,000 |
| Medium-sized organisation | 50–250 | Medium/high (diverse teams, compliance) | €15,000 – €25,000 |
| (International) SME | 250–500 | High (multiple markets, data transfers) | €25,000 – €40,000 |
| Large enterprise / multinational | >500 | Very high (cloud, legacy, outsourcing) | €40,000 – €70,000+ |
Questions about ISO 27001?
Contact us for a no-obligation conversation about certification and implementation for your organisation.