Skip to main content

Are you considering achieving ISO certification for your organisation?

This guide provides a detailed breakdown of the costs associated with obtaining ISO 9001 and ISO 27001 certifications.

As two of the most sought-after ISO standards, these certifications can elevate your business’s reputation, enhance efficiency, and fortify information security.

ISO 9001 – Focused on Quality

ISO 9001 is the globally recognised standard for Quality Management Systems (QMS), and empowers businesses to align with customer and partner expectations effectively.

With over a million organisations worldwide certified, ISO 9001 lays the foundations for success with the principles outlined below:

    • Leadership
    • Improvement
    • Customer focus
    • Process approach
    • Engagement of people
    • Relationship management
    • Evidence-based decision making

These principles revolve around customer satisfaction, fostering a culture of continuous improvement.

Regardless of an organisation’s size or industry, ISO 9001 offers numerous benefits, including heightened credibility, operational efficiency, and elevated customer satisfaction.

ISO 9001 Certification Costs

Obtaining ISO 9001 certification involves two key expenses: consultancy costs and certification body costs.

Consulting expenses relating to ISO 9001 are evaluated by your consultant, taking into account your organisation’s readiness and dedication to the process, its level of development, and the extent of existing documented information.

On the other hand, costs associated with certification bodies are distinct and independent from consultancy fees. These costs are determined by the certification body (CB), considering a number of variables such as the certification scope, company size, site count, and any risks associated with the certification scope.

ISO 9001 Consultancy Costs:

These costs are determined by your consultant based on the complexity of your organisation’s processes and the existing documented information. A tailored approach ensures efficient guidance through the certification journey.

Certification Body Costs for ISO 9001:

Separate from consultancy fees, certification body costs depend on factors such as scope of certification, company size, and more. The audit duration is governed by International Standard document (IAF MD 5), and costs are determined by the certification body’s man-day rate.

Here’s a glimpse of initial certification body costs for ISO 9001, based on personnel count:

    • 1-10 Personnel: €1000 – €2400
    • 11-25 Personnel: €1200 – €3500
    • 26-45 Personnel: €1400 – €4500
    • 46-65 Personnel: €1600 – €5600
    • 66-85 Personnel: €1800 – €6600
    • 86-125 Personnel: €2000 – €7700

ISO 27001 – Protect your IT and data

ISO 27001, the global standard for Information Security Management Systems (ISMS), safeguards sensitive information while ensuring accessibility for authorised individuals.

The core principles of ISO 27001 are rooted in confidentiality, integrity, and availability (abbreviated to CIA), offering protection against cyber threats and data breaches.

While often associated with GDPR, ISO 27001’s benefits go far beyond compliance and data protection alone.

ISO 27001 aims to shield intellectual property, brand, and reputation, as well as digital and physical assets of all kinds, making it indispensable for any organisation handling sensitive data.

ISO 27001 Certification Costs

ISO 27001 certification expenses comprise consultancy and certification body costs.

Your consultant gauges consultancy costs relating to ISO 27001 based on the extent of your organisation’s commitment, process maturity, and the availability of documented information, if any.

Meanwhile, certification body costs stand as external expenses and are entirely separate from consultancy charges. The certification body (CB) determines these costs, factoring in elements such as the certification scope, company size, number of sites or premises, and the risk linked to the certification scope.

ISO 27001 Consultancy Costs:

Tailored to your organisation’s needs, consultancy costs reflect the required effort, the maturity of existing processes, and the level of information security in place.

Certification Body Costs relating to ISO 27001:

These external costs are influenced by factors such as scope, company size, and risk level. Accredited bodies use criteria like ISO 27006:2015 audit time chart for cost calculation.

Initial certification body costs for ISO 27001, based on personnel count, are as follows:

    • 1-10 Persons Under Control: €3000 – €5500
    • 11-25 Persons Under Control: €3500 – €8000
    • 26-45 Persons Under Control: €5500 – €9500
    • 46-65 Persons Under Control: €6500 – €11000
    • 66-85 Persons Under Control: €7500 – €12000
    • 86-125 Persons Under Control: €8000 – €13000


Any ISO certification brings tangible benefits to organisations, from improved efficiency and quality to enhanced security.

By understanding the components of consultancy and certification body costs for both ISO 9001 and ISO 27001, you can make informed decisions that positively impact your business’s growth and reputation.

Embark on your ISO certification journey today to secure a brighter future for your business.


Contact STEP for any questions about ISO certifications.

    How did you hear about us?*

    Fyll i detta formulär så kontaktar vi dig snart


      Drop your details below and we’ll be in touch


        Drop your details below and we’ll be in touch


          Sign up to our newsletter

          Receive information about the latest ISO standards, best practices, quality and information security & management tips.