Comment by ISO27Auditor

5 days ago

ISO 27001 implementation and certification doesn't have to be overly expensive if you have the right team to help you. It also doesn't have to be time consuming as you can outsource a good deal of the work. I work as ISO 27001 auditor and I help companies get ISO certified. For a small company the combined cost of certification and external provider support ranges from $5k to $8k. Of course if you are a larger organisation the cost will go up, but not drastically.

That makes sense, but simply isn't viable cost wise IMO if you're trying to bootstrap a side project - until you have your first users and a sense that you have something people are willing to pay for, spending thousands on compliance certifications seems pretty risky.

I'm interested in what the best strategy to build/establish trust when you can't yet afford to pay for certification is.