The initial audit consists of stage 1 (document and readiness check) and stage 2 (main assessment) audit which is split up into two phases. After the audit a report is created and you pay a fee for the certificate license. After the initial audit and certification, a surveillance audit is conducted annually which is shorter in duration and cheaper. After a three-year period, you start with the so-called recertification audit.

The costs of certification mainly depend on the number of people (FTE) working in the scope of the ISMS, the complexity of the organizations’ processes, as well as their IT landscape, and the industry. Note that these pricing ranges are approximate and can vary based. To provide you with an accurate quote, it is needed to gather more details about your requirements.

If you have any further questions or would like to discuss your specific needs, please feel free to contact us directly.