The new ISO/IEC 27001:2022, released on October 25, 2022, updates the international standard for information security management. It brings changes to help organizations improve their information security and offers new business opportunities.
In this article, we delve into the second part of your most commonly asked queries about the differences between the new ISO 27001:2022 version and the former one, enabling you to confidently enhance your information security and gain a competitive advantage in your industry.
We persist with our preferred method of addressing your real-time questions. For responses to earlier queries, feel free to visit the first part of our answers at the provided link.
Just wondering, if we decide to switch to the new standard version now, how would the price for the certificate according to the new version of ISO 27001:2022 change?
Let's break down the key factors influencing the cost of a certificate under the new ISO 27001:2022 standard for your business:
The certification body's accreditations
Your business size and complexity
Your organization's readiness level
The existence of a long intermediary chain.
Typically, certification under the new ISO 27001:2022 standard takes at least half a day longer and might cost up to 10% more than the certification under the previous version.
Moreover, the cost for a certificate under the new ISO 27001:2022 standard can vary greatly, depending on numerous factors. These include the accreditation status of the chosen certification body, whether it issues an accredited or a regular certificate, the risks implied in the business, as well as your organization's size, complexity, and readiness level. So, when considering the cost of transitioning to the new standard, it's essential to consider these factors and identify the best certification option for your organization. The most effective approach is to engage directly with the relevant authorities, particularly if you're adept at navigating bureaucratic processes and determining accreditation status. As always, feel free to post your questions in the comments or reach out to us directly.
Are there any underwater rocks in getting ISO 27001 certified? How can a more credible certificate be recognized?
The cost of obtaining an ISO 27001:2022 certificate can differ greatly depending on whether it comes from an accredited body. There are many "turnkey" intermediaries who offer certificates from lesser-known bodies in Southeast Asia. Despite having a UK address, such bodies often lack accreditations or don't operate at all in the country where their headquarters is registered.
While these certificates may be cheaper, they won't be recognized by established international companies or tender commissions. Certification bodies offer a range of services, and the cost of an audit and certificate issuance can vary greatly. Therefore, when choosing a certification body, consider not just the price but also its reputation, its experience, and whether the certificate can be issued in English and in the language you need, or apostilled (if needed), and whether any of these would incur extra fees.
How does the price for ISO 27001 certification depend on the scale of the business?
Here are the key factors that influence the cost of obtaining international ISO standard certification. This remains true, even for the updated ISO 27001:2022 standard.
Simply put, larger and more intricate companies tend to pay more. Many of the major international bodies we work with offer special pricing for businesses based in Eastern Europe or Central Asia.
Therefore, a company with similar branches could encounter a price difference of up to 50-100% or more depending on whether its headquarters is registered in the USA or Kazakhstan. To simplify this complex pricing structure, we suggest submitting an application via the button below. This will give you an estimated cost from the international body tailored to your business. This typically takes up to two business days, or occasionally a bit longer.
Just curious, would there be a difference in price if we reach out to the local representative office of the body or if we go directly to the body?
Certification bodies may be accredited according to this standard, or may not have accreditation at all. Without accreditation, you're essentially investing in the company's brand and the paper the certificate is printed on. This could potentially lead to challenges in markets such as Southeast Asia, the UAE, the USA, or Europe. An unaccredited certificate heightens the risk that negotiations with international partners fall through, or it becomes a hurdle to participating in a tender. You can verify the accreditation of a certification body with the national accreditation body, ensuring a smooth process, minimal risks, and a compliance certificate at a reasonable price. This contributes positively to your business's opportunities, prestige, and recognition.
It's also advisable to confirm with your accounting department whether additional taxes on services of non-residents will be required. In some countries, like the former republics of the USSR, this tax can range from 5% to 15%.
In closing, experience shows that trust and direct engagement with an accredited body can reduce time spent on checking accreditations and cut the budget for certification by 50-150%. It's a confident, direct, and efficient approach.
For any questions, use the contact form or share in comments below.