
How Much Does ISO 27001 Certification Cost for SMEs?

Quick Answer

For a typical SME (20-100 employees), expect £15,000-30,000 total. This includes implementation support, the certification audit, and getting your systems up to standard.

Where the Money Goes

1. Implementation support: £8,000-20,000

Building an Information Security Management System (ISMS) that meets the standard. This includes:

  • Gap analysis against ISO 27001 requirements
  • Risk assessment methodology and execution
  • Policy and procedure development
  • Control implementation
  • Internal audit
  • Management review preparation

You can do this yourself, but it typically takes 6-12 months of significant internal effort. Most SMEs use consultants to accelerate and get it right.

2. Certification audit: £4,000-10,000

A UKAS-accredited certification body conducts the audit in two stages:

  • Stage 1: Document review, readiness check
  • Stage 2: Full audit of your ISMS implementation

Audit costs depend on your organisation's size and complexity.

3. Fixes and tooling: Variable

Whatever gaps the process uncovers. Might include:

  • Security tools you don't have yet
  • Backup improvements
  • Access control systems
  • Training platforms

Could be minimal if you're already well-managed. Could be significant if you're starting from scratch.

4. Ongoing costs: £3,000-8,000/year

ISO 27001 isn't one-and-done:

  • Annual surveillance audits
  • Recertification every three years
  • Maintaining and improving the ISMS

What Affects the Price

Organisation size: More people = larger scope = more audit days = higher cost.

Complexity: Multiple sites, complex systems, or unusual technology increases effort.

Starting point: If your security is already solid, implementation is faster. If you're starting from chaos, expect more work.

How much you do internally: Heavy consultant involvement costs more but goes faster. Doing more yourself costs less but takes longer.

Is It Worth It?

Yes, if:

  • Customers require it (increasingly common)
  • You're bidding on contracts where it's expected
  • You want to genuinely improve security (the process forces good discipline)
  • Cyber insurance is getting difficult or expensive

Maybe not, if:

  • No one's asking for it
  • Cyber Essentials meets your current requirements
  • You can't sustain the ongoing commitment

How We Help

We're ISO 27001 certified ourselves—we've been through the process and maintain it.

We offer:

  • Gap analysis - know what you're facing before committing
  • Implementation support - practical help building your ISMS
  • Managed ISMS - we run your management system ongoing

For managed clients, much of what ISO 27001 requires is already in place. Certification becomes formalising what we already do rather than building from scratch.

---

*Disclaimer: Costs shown are indicative based on typical UK market rates at time of writing. Actual costs vary significantly based on organisation size, complexity, existing security maturity, and scope. Contact us for a realistic assessment based on your situation.*

---
