Monday, February 16, 2009

Four costs need to be considered when implementing this type of project.

1. Internal resources - the system covers a wide range of business functions - management, HR, IT, facilities & security. These resources will be required during the implementation of an ISMS.
2. Consultancy resources - an experienced consultant will save a huge amount of time, and will often challenge you on the implications of the controls you select. They will also prove a useful tool during internal audits, where our independence and Lead Auditor status will ensure a smooth transition towards certification. Contact us and we can give you a better picture of our costs. Typically, look for 20-30 days' work at similar rates to other IT consultants / professional services.
3. Certification costs - only a few certification bodies currently assess companies against ISO 27001, but fees are not much more than against other standards, e.g. ISO 9001 or ISO 14001.
4. Implementation costs - this cannot be estimated by us. If, as a result of a risk assessment or audit, a gap appears in your system and you feel the best way to address the risk is to buy a better firewall, for example, that could be construed as an implementation cost.
