WELCOME TO A PRICING PAGE THAT ACTUALLY GIVES YOU THE PRICE
Whether you're looking to get ISO 27001 certified or keep your existing certification healthy, you shouldn't need a secret handshake, three reference calls, and a 90-minute "discovery session" just to find out what things might cost.
Most consultants would rather walk barefoot on Lego than tell you their prices upfront. We're different.
YOUR COMPANY SIZE (USED FOR ALL PRICING)
All our pricing starts with your company size, because securing a 200-person business takes more work than a 10-person startup.
YOUR COMPANY SIZE | EMPLOYEE COUNT |
---|---|
Tiny But Mighty (Everyone wears multiple hats) | 1–10 employees |
Small But Serious (You probably have job titles now) | 11–20 employees |
Medium and Motivated (You're too big for a WhatsApp group) | 21–50 employees |
Properly Professional (You have an org chart and everything) | 51–100 employees |
Genuinely Growing (You've probably got an HR department) | 101–150 employees |
Substantially Sizeable (People use the word "enterprise" unironically) | 151–200 employees |
Extremely Impressive (You probably have a procurement team) | 200+ employees |
Phase 1: Getting Certified
For companies who need ISO 27001 certification
IMPLEMENTATION PRICING
YOUR COMPANY SIZE | WHAT YOU'LL LIKELY PAY |
---|---|
Tiny But Mighty 1–10 employees | £8,000 – £12,000 |
Small But Serious 11–20 employees | £10,000 – £14,000 |
Medium and Motivated 21–50 employees | £12,000 – £16,000 |
Properly Professional 51–100 employees | £14,000 – £18,000 |
Genuinely Growing 101–150 employees | £16,000 – £20,000 |
Substantially Sizeable 151–200 employees | £18,000 – £22,000 |
Extremely Impressive 200+ employees | £20,000+* |
Your actual price depends on your current setup, industry complexity, timeline needs, and how much security infrastructure you already have.
*Somewhere between £20k and ONE MILLION DOLLARS.
WHAT AFFECTS YOUR IMPLEMENTATION PRICE?
Industry Complexity:
Healthcare/Finance: Upper end of range (but saves you from regulatory nightmares)
Technology/SaaS: Standard pricing (lucky you!)
Defence/Government: Top of range (but better than explaining breaches to the MOD)
Your Current Security Posture:
"We've got a password on the WiFi": Upper end of range
"We do some security things, not very organised": Middle of range
"We're fairly organised, just need certification": Lower end of range
Timeline Pressure:
"Standard timeline (4-6 months)": Standard pricing
"Yesterday, if possible": Upper end (we'll need extra coffee)
Geographic Spread:
"All in one office": Simplest scenario
"Multiple UK offices": Slight complexity
"People everywhere, nobody knows where": Upper end of range
WHAT YOU GET FOR IMPLEMENTATION
THE HEAVY LIFTING (WE DO THIS PART)
Onboarding workshops that won't make you want to pull the fire alarm
Risk assessment that actually reflects YOUR business (not copied from the last client)
Policies people might actually read (revolutionary, we know)
Management meetings that stay on topic and end in time for tea
Pre-certification audit where we find the issues before the real auditors do
Unlimited support during implementation
Hand-holding during the external audit (metaphorically... unless requested)
THE PAPERWORK (BECAUSE AUDITORS LOVE PAPER)
All documentation with none of the consultant-speak
Information Security Policy that makes sense to non-security people
Risk documents that help rather than confuse
Evidence that doesn't require making it all up
AFTER YOU'RE CERTIFIED
30 days of post-certification support as you adjust to life as a security-conscious organisation
Guidance on maintaining your certification without it becoming a second job
The ability to stop saying "we're working on it" when clients ask about security
Phase 2: Staying Certified
For companies who have ISO 27001 and want to keep it that way
MAINTENANCE PRICING
Simple, fixed monthly fees. Pick your company size, pick your service level, done.
YOUR COMPANY SIZE | STANDARD MANAGED ISMS | ENHANCED MANAGED ISMS |
---|---|---|
Tiny But Mighty 1–10 employees | £1,000/month | £1,500/month |
Small But Serious 11–20 employees | £1,200/month | £1,700/month |
Medium and Motivated 21–50 employees | £1,500/month | £2,000/month |
Properly Professional 51–100 employees | £1,800/month | £2,300/month |
Genuinely Growing 101–150 employees | £2,100/month | £2,600/month |
Substantially Sizeable 151–200 employees | £2,400/month | £2,900/month |
Extremely Impressive 200+ employees | Get in touch* | Get in touch* |
*For larger organisations, we'll create a bespoke package that actually fits your needs.
WHAT'S THE DIFFERENCE?
Service | Standard | Enhanced |
---|---|---|
ONGOING MONTHLY SERVICE | | |
Quarterly Internal Audits | ✓ | ✓ |
Annual Management Review | ✓ | ✓ |
24/7 Breach Line Access | ✓ | ✓ |
Ad-hoc Consulting | 4 hrs/month | Unlimited |
COMPLIANCE & DOCUMENTATION | | |
Compliance Management | ✓ | ✓ |
Threat Intelligence & Horizon Scanning | ✓ | ✓ |
External Audit Support | ✓ | ✓ |
Documentation Maintenance | ✓ | ✓ |
Email, Slack & Video Support | ✓ | ✓ |
RISK & STRATEGIC MANAGEMENT | | |
Risk Register Reviews | Bi-Annually | Quarterly |
Vendor Security Assessments | Via support hrs | Unlimited |
Change Management Assessments | Via support hrs | Unlimited |
Monthly Strategic Check-ins | X | ✓ |
Quarterly Strategic Risk Reviews | X | ✓ |
PROACTIVE SECURITY | | |
Managed Phishing Simulations | ✓ | ✓ |
Security Awareness Campaigns | ✓ | ✓ |
Advanced Security Training Management | X | ✓ |
Business Continuity Testing | X | ✓ |
EXTRAS | | |
Bottle of English Sparkling Wine | X | ✓ |
WHICH MAINTENANCE OPTION IS RIGHT FOR YOU?
Standard Managed ISMS - Professional maintenance without the hassle
Perfect for: Companies with some internal security capability who want professional backup
Enhanced Managed ISMS - Comprehensive, proactive security management
Perfect for: Companies who want comprehensive coverage and unlimited access to security expertise
Choose Enhanced if:
You need unlimited security consulting
You're in a regulated industry requiring extra oversight
You want proactive security management, not just compliance maintenance
Security isn't really your team's thing
CONTRACT TERMS THAT MAKE SENSE
12-month initial commitment (because good ISMS maintenance takes time to show value)
3-month rolling notice periods after year 1
All prices exclude VAT
Payment monthly or annually (annual gets you a month free)
The Complete Picture
SIGN UP FOR BOTH AND LOCK IN YOUR PRICE
If you sign up for both implementation and maintenance when you start, you lock in your maintenance pricing based on your current company size - even if you grow during the implementation phase.
Why this matters: Implementation takes about 4 months. If you grow from 15 to 25 people during that time, you'd normally move from "Small But Serious" to "Medium and Motivated" pricing. Sign up for both phases together, and you keep the lower rate.
Example: Start as a 15-person company, sign up for both phases, grow to 25 people by the time you're certified - you still pay £1,200/month for maintenance instead of £1,500/month.
It's our way of rewarding companies who commit to the full journey with us from the start.
THE MONEY-BACK GUARANTEE (YES, IT'S REAL)
For Implementation: If you don't pass certification because of something we did (or didn't do), you get your money back.
For Maintenance: If you lose your certification because of something we did (or didn't do), you get your money back.
Why? Because we believe consultants should be accountable for results, not just billable hours.
WHY CHOOSE ISO SERIOUS?
We Understand Your Reality
We've worked in startups and scale-ups ourselves
Security shouldn't require a translator
Standards shouldn't be stupid
We're Accountable
Money-back guarantee on certification
Results matter more than billable hours
We put our money where our mouth is
We Make It Work
Documentation people will actually read
Processes that enable rather than hinder
Support when you need it, not constant pestering
WHAT AFFECTS PRICING?
For Implementation: Industry complexity, current security posture, timeline pressure, geographic spread
For Maintenance: Company size and service level choice
Industry Note: Most companies fall in the middle of their implementation price range. Maintenance pricing is fixed - nice and simple.
QUESTIONS? CONCERNS? EXISTENTIAL DOUBTS?
"We might want to manage maintenance internally after certification" Perfect. Get certified first, then decide. No pressure to sign up for maintenance.
"We're not sure which maintenance level we need" Start with Standard. You can always upgrade if you find you need more support.
"Can we switch between options?" Absolutely. Upgrade anytime, downgrade at renewal.
"What if we grow significantly?" We adjust maintenance pricing at renewal to reflect your new size. No surprises - the pricing is all above!
NEXT STEPS
Ready to get started?
Quick Chat - 15 minutes to understand your situation and recommend the right approach
Paperwork - Simple contract reflecting what we've agreed
Get Started - Begin implementation or maintenance support