Allow 9 to 15 months between project kick-off and the initial certification audit. Critical path: scoping (1-2 months), risk analysis and ISMS policy (2-3 months), Annex A controls deployment (4-6 months), internal audit and management review (1 month), certification audit (2 months).
EN
FR