​​​​ISO 27001 Certification Process and Timeline

Here you see an example of an ISO 27001 certification time line. Each implementation and certification is different: it depends on the responsiveness of the client, the availability of the certification body etc. but this should give  you a good overall idea about the time frame and steps involved.

 

Pre-Certification Phase

2-3 Weeks

GAP Analysis

Take Inventory – Determine the Starting Point

~3 months

Implementation

  • Write Policy & Standards
  • Document Procedures
  • Establish ISMS

2-3 months

Observation

How does this work in daily practice?

  • Control & Observe
  • Make Adjustments
  • Refine Procedures

1 week

Internal Audit

Dry-Run for Certification Audit

Certification Process

1-2 Months

Certification Audits

Phase 1 Certification Audit

Phase 2 Certification Audit

CERTIFIED

Internal Audits

Every 3-6 Months

1 Year After Certification

Review Audit by Certification Body

Internal Audits

Every 6 Months

2 Years After Certification

Review Audit by Certification Body

Internal Audits

Every 6 Months

3 Years After Certification

Re-Certification Audits

Phase 1 Certification Audit

Phase 2 Certification Audit

RE-CERTIFIED

We’d Love to Talk About Your Cybersecurity Strategy.

- ​None of the information you provide in the form below will be used for marketing purposes -