ISO 27001 CONSULTING FOR MEDIUM-SIZED BUSINESSES: FAST AND WORTHWHILE
We have structured our ISO 27001 Consulting specifically for medium-sized businesses. ISO 27001 Certification helps your company maintain a high level of information security. We are there for you, from GAP analysis to audit support.
Our experience in ISO 27001 Consulting
We help you accelerate your ISO 27001 certification by performing a GAP analysis, preparing the relevant documents, and accompanying you during the audit.
We have more than 10 years of experience in preparing and supporting our clients through ISO 27001 certification and recertification, and we have helped more than 30 companies so far.
Our Advantages at a Glance
Why do I need ISO 27001 Certification?
The first reason is obvious: you have a customer who requires you to be certified to ISO 27001. The second is that you want to raise the information security and IT security standards of your company. Certification also gives you an external view of your current processes, not only the IT processes but also HR, back-office, operational, and management processes. In addition, having those processes certified by a third-party auditor increases your credibility as a supplier or service provider.
Why would you need ISO 27001 consultancy then?
Of course, not all companies will need ISO 27001 consultancy to get their certification. Most of them do, however! With an expert on board, you can decrease your resources and time spent on the certification, thus reducing your costs.
In the following, you will find some of the benefits of working with our ISO 27001 consultancy:
- Shortened overall project duration
- Avoidance of additional costs for re-audits
- A deeper understanding of the concepts and motivation behind ISO 27001 Certification.
ISO 27001 Consulting Costs
Of course, costs vary from company to company, on the auditor's side as well as on the consultant's side. However, we have summarized the available options with their corresponding price ranges.
The costs can be divided into 3 parts, which are explained in detail:
- GAP Analysis: A GAP analysis is like a doctor's X-ray. It shows you the current situation and what needs to be done to achieve ISO 27001 certification; the result is your ISO 27001 roadmap. It can be done as a one-day workshop and, from experience, costs between 1 and 5 T€.
- Preparation, self-assessment, technical and physical security analysis, and ISMS structure: This is the most labor-intensive part of the ISO 27001 project and therefore the most expensive, costing between 3 and 10 T€.
- Establishment of policies, processes, necessary documentation, and audit support: This is the last part of your ISO 27001 project. The price range for this part is between 4 and 10 T€.
Overall, the budget requirement is between 8 and 25 T€. If you calculate with a 2-person team, the consulting pays off as soon as it saves you 1 week of working time, which is usually the case.
The project duration can be between 3 and 9 months. Please do not forget that you also have to plan additional costs for the independent, DAkkS-accredited certification body.
For further information, schedule a meeting with us.
Ready to start an ISO 27001 Project?
Then our ISO 27001 workshop is the one for you. At the end of the 1-day workshop, you will receive your full-featured GAP analysis and your schedule for your ISO 27001 project: ISO 27001 Roadmap.
What are the differences between ISO 27001 and TISAX®?
Although TISAX® was originally derived from ISO 27001, the two standards are completely independent of each other. There are also no dependencies in terms of application, requirements, audits and certifications. In other words, if you have TISAX® or ISO 27001, one does not replace the other.
Below, we've compiled a summary list of the differences; we go into the details later in this post:
- ISO 27001 is a certification, TISAX® is a label.
- ISO 27001 is international, but TISAX® is not international yet.
- TISAX® is used in the automotive industry, while ISO 27001 can be applied in all industries.
- In TISAX®, the entire company is assessed. In ISO 27001, production lines can be assessed individually.
- The TISAX® catalog requires a maturity level for each control; ISO 27001 does not measure maturity levels.
- The re-audit structure is different. The TISAX® re-audit takes place after 3 years, whereas the ISO 27001 audit takes place annually.
- Since TISAX® is automotive-specific, it includes additional topics such as prototype protection and data protection (which is much more stringent than in ISO 27001, especially if Assessment Level 3 is targeted).
- In TISAX®, you have 9 months from the start of the assessment to resolve all major and minor deviations.
- TISAX® offers a more limited choice of auditors compared to ISO 27001.
Wrapping up: Your path to ISO 27001 Certification
Who certifies to ISO 27001?
In each country, there are certain institutions that act as a supervisory authority for ISO certifications such as ISO 9001, ISO 14001, ISO 27001, etc. In Germany, for example, the accreditation body is called DAkkS (German Accreditation Body). DAkkS is the national accreditation authority of the Federal Republic of Germany. DAkkS accredits certification bodies nationwide.
Certification bodies that hold a DAkkS accreditation can certify according to ISO standards. A separate accreditation is necessary for each standard.
Note: Please ask if your certification body is DAkkS accredited and ask for the accreditation certificate.
ISO 27001 Certification and Its Benefits
Two ways we can help you
We are here to help you get your ISO 27001 certification at less cost and faster.
Would you like to learn more about ISO 27001 or do you have any questions? Then make a free-of-charge appointment.
Do you want to start your ISO 27001 project already? Then book our GAP analysis so that you have your maturity level and your ISO 27001 roadmap clearly defined.
An established ISMS, operational ISO 27001 processes, and KPIs are the milestones on the way to ISO 27001 certification. An existing ISO 9001 certificate also simplifies the path to ISO 27001 certification.
The audit for certification according to ISO 27001 is performed by an external auditor. The prerequisite is a DAkkS accreditation. The certification company must be commissioned independently. We can help you with the selection and commissioning.
Of course, it depends on the maturity level of your company. Typically, the project duration is 3-9 months and the resulting costs are 15-30 T€.
The certification body must have a DAkkS accreditation for ISO 27001. We support you in finding the optimal DAkkS accredited certification body for you.
The required time depends on the size of your company and on the maturity of your information security management system. The total project duration is between 3 and 9 months.