Hey everyone, we're kicking off our Governance, Risk, and Compliance (GRC) program and looking into tools and resources. As we're creating our budget, it would be super helpful to know the average cost for ISO 27001 certification for a professional services company with about 40 employees. We're planning to conduct audits virtually. Most of our team works from home but we have a single headquarters. What are the typical costs from certification bodies, and how much should we expect to pay for internal auditor consultants? Thanks!
5 Answers
If you're in a similar size range, I suggest checking out Secureframe. They work with many small to medium businesses, though I'm not sure what their current pricing for ISO 27001 is.
We help organizations with ISO 27001 implementation. I recommend reaching out to iso27001standards.com for a no-obligation proposal. They can provide a tailored estimate for your needs!
Based on our experience with a similar company, here are our costs: $4,000 yearly for a GRC platform, $10,000 for compliance guidance and internal audit from our GRC vendor, and $9,000 for the third-party external audit. After the first year, we’ll be looking at $3,500 for recertification in the next two years. That GRC platform might feel a bit pricey, but it helps with SOC2 as well. You might consider skipping the GRC platform if you have the capability to do the internal audit yourself, but I'm concerned the external auditor could charge more if they find your controls are poorly organized.
Could you specify what country and currency you’re looking at? It can vary widely depending on those factors.
It's tough to give an exact figure, but in my experience, the auditing cost where I work was typically around $30K. However, we ended up paying $15K since we used a GRC automation platform which costs about $8K yearly. Keep in mind that this doesn’t include any extra licensing fees or the cost of employee time needed for the audit.