{"id":4504,"date":"2014-07-21T17:25:23","date_gmt":"2014-07-21T17:25:23","guid":{"rendered":"https:\/\/multiacademstg.wpengine.com\/27001academy\/blog\/014\/07\/21\/how-to-become-an-iso-27001-iso-22301-consultant\/"},"modified":"2026-03-23T15:02:07","modified_gmt":"2026-03-23T15:02:07","slug":"how-to-become-an-iso-27001-iso-22301-consultant","status":"publish","type":"post","link":"https:\/\/advisera.com\/27001academy\/blog\/2014\/07\/21\/how-to-become-an-iso-27001-iso-22301-consultant\/","title":{"rendered":"How to become an ISO 27001 \/ ISO 22301 consultant"},"content":{"rendered":"<p>If you are thinking about a career change, becoming an independent consultant for <a title=\"ISO 27001\" href=\"https:\/\/advisera.com\/27001academy\/what-is-iso-27001\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 27001<\/a>\u00a0and\/or <a title=\"ISO 22301\" href=\"https:\/\/advisera.com\/27001academy\/what-is-iso-22301\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 22301<\/a>\u00a0certainly sounds like an attractive option. But what do you need to know, and what do you need to have to start your own consultancy?<\/p>\n<div class=\"post-featured\">\n<div class=\"post-featured--title\">To become a respected ISO 27001\/ISO 22301 consultant, you need:<\/div>\n<div class=\"post-featured--content\">\n<ul>\n<li>ISO 27001\/ISO 22301 certificates<\/li>\n<li>Project management certificate<\/li>\n<li>Experience<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<p><div id=\"middle-banner\" class=\"banner-shortcode\"><\/div><script>loadMiddleBanner();<\/script><div id=\"side-banner-trigger\" class=\"banner-shortcode\"><\/div><\/p>\n<h2>Focus on ISO 27001 or ISO 22301?<\/h2>\n<p>In my view, it should be <em>and<\/em> instead of <em>or<\/em> \u2013 these standards are very similar and very compatible, so it makes sense that you help your clients with both of them. Once you grasp one standard, it will be only a small step further to fully understand the other one. 
See also this webinar: <a title=\"ISO 27001 &amp; ISO 22301: Why is it better to implement them together?\" href=\"\/27001academy\/webinar\/iso-27001-iso-22301-why-is-it-better-to-implement-them-together-free-webinar\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 27001 &amp; ISO 22301: Why is it better to implement them together?<\/a><\/p>\n<h2>Industries consultants work with, and the jobs they do<\/h2>\n<p>So, what are ISO 27001\/ISO 22301 consultant jobs, which industries do they work with, and what do they typically do? An ISO 27001 consultant, just like an ISO 22301 consultant, usually does implementation, training, and internal auditing. They can cover any industry or business that wants to become ISO 27001 and ISO 22301 compliant; usually, these are high-tech companies, financial organizations, service organizations, etc.<\/p>\n<h2>What qualifications do you need?<\/h2>\n<p>It\u2019s a funny thing, but to become an ISO 27001 and ISO 22301 consultant, there are no formal qualifications needed, at least not in most countries. This basically means anyone can become a consultant, with no qualifications whatsoever.<\/p>\n<p>However, if you want to become a consultant respected by potential clients, you should have at least the following:<\/p>\n<p><strong>ISO 27001\/ISO 22301 certificates<\/strong> \u2013 you should at least get the Lead Auditor or Lead Implementer certificate, but it would be better if you had both. See also <a title=\"Lead Auditor Course vs. Lead Implementer Course \u2013 Which one to go for?\" href=\"https:\/\/advisera.com\/27001academy\/blog\/2014\/06\/16\/lead-auditor-course-vs-lead-implementer-course-which-one-to-go-for\/\" target=\"_blank\" rel=\"noopener noreferrer\">Lead Auditor Course vs. Lead Implementer Course \u2013 Which one to go for?<\/a><\/p>\n<p><strong>Project management certificate<\/strong> \u2013 since your work will be nothing but delivering projects, you should learn how to run them. 
For instance, you should get PMP, or some other similar certificate.<\/p>\n<p><strong>Experience<\/strong> \u2013 theoretical knowledge won\u2019t be enough, so you should get experience through at least one of the following:<\/p>\n<ul>\n<li>Work as a certification auditor \u2013 performing certification audits will give you an excellent insight into the do\u2019s and don\u2019ts of ISO 27001 and ISO 22301 implementation, or<\/li>\n<li>Work for another consultant \u2013 this is the best way to learn about the implementation methods and how to get new clients, or<\/li>\n<li>Work as an information security or business continuity practitioner \u2013 working in a company is an excellent way to learn the client side of the story: What are the usual pains? What is the expert help needed for?<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-80078\" src=\"\/wp-content\/uploads\/\/sites\/5\/2014\/07\/consultant.jpg\" alt=\"ISO 27001 consultant \/ ISO 22301 consultant \u2013 How to become one?\" width=\"1000\" height=\"500\" srcset=\"\/wp-content\/uploads\/sites\/5\/2014\/07\/consultant.jpg 1000w, \/wp-content\/uploads\/sites\/5\/2014\/07\/consultant-300x150.jpg 300w, \/wp-content\/uploads\/sites\/5\/2014\/07\/consultant-768x384.jpg 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><\/p>\n<h2>What else do you need?<\/h2>\n<p>Besides getting the knowledge already mentioned above, to become an ISO 27001\/ISO 22301 consultant you will also need some other tools and sources of knowledge:<\/p>\n<ul>\n<li>Books \u2013 there are many books available on ISO 27001 and ISO 22301 (this author is proud to have published one \u2013 <a title=\"Becoming Resilient: The Definitive Guide to ISO 22301 Implementation\" href=\"https:\/\/advisera.com\/books\/becoming-resilient-the-definitive-guide-to-iso-22301-implementation\/\" target=\"_blank\" rel=\"noopener noreferrer\">Becoming Resilient: The Definitive Guide to ISO 22301 
Implementation<\/a>)<\/li>\n<li>Documentation templates \u2013 when starting to work with your clients you will need <a title=\"templates of ISO 27001\/ISO 22301 policies and procedures\" href=\"https:\/\/advisera.com\/27001academy\/iso-27001-22301-premium-documentation-toolkit\/\" target=\"_blank\" rel=\"noopener noreferrer\">templates of ISO 27001\/ISO 22301 policies and procedures<\/a>\u00a0to speed up your work.<\/li>\n<li>Templates for proposals and presentations \u2013 what you show to potential clients must be very comprehensive and professional.<\/li>\n<li>Tools \u2013 besides a laptop and MS Office, you will also need some kind of customer relationship management (CRM) software or an online service, because you must track all the potential clients and in which phase you currently are with each of them.<\/li>\n<li>Social media skills \u2013 you will have to learn how to communicate through Twitter, Facebook and LinkedIn, since these will be important channels for getting new clients.<\/li>\n<li>Website development skills \u2013 if you decide to publish articles, you will need to know at least how to publish a blog.<\/li>\n<\/ul>\n<div class=\"responsive-video-wrapper\"><iframe loading=\"lazy\" title=\"ISO 27001 Lead Implementer Training - What to expect and how to prepare?\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/6_9OoygoMEI?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<h2>How to find the clients?<\/h2>\n<p>Believe it or not, this is by far the most difficult task \u2013 this is where most would-be consultants have failed, no matter how knowledgeable they were about ISO 27001 or ISO 22301.<\/p>\n<p>There are several ways you should market your services:<\/p>\n<ul>\n<li>Use your contacts from previous jobs \u2013 for example, arrange a deal with 
the client even before you start your consultancy in order to avoid a gap once you start your new job; this is probably the best way to start your career, but you must be careful to stay within the ethical limits \u2013 you should not hurt your old employer because of this.<\/li>\n<li>Direct sales \u2013 you should spend at least 30% of your time dialing phone numbers and delivering presentations to potential clients \u2013 this is basically the best way to close the deal.<\/li>\n<li>Speaking at conferences \u2013 this is one of the best ways to build your credibility, and to get new contacts. Just make sure to practice your presentation skills, because otherwise, you may end up with even less credibility than you had previously.<\/li>\n<li>Writing expert articles \u2013 you should publish your articles in specialized magazines and on the Internet \u2013 this way, you will show your expertise to the whole world.<\/li>\n<li>Delivering courses \u2013 this is an excellent way to get new contacts and prove your expertise.<\/li>\n<li>Partnerships \u2013 perhaps you can find some vendors who are compatible (and not competing) with your service \u2013 in such cases, when they get a deal they may bring you a new client.<\/li>\n<\/ul>\n<p>And remember \u2013 clients aren\u2019t going to rush in on the first day you start your consultancy; on the contrary, in the beginning you will probably have fewer clients than you imagined \u2013 even in your worst-case scenario. 
This is because the sales cycle is very long \u2013 it usually takes a lot of time for a client to decide to go for a project.<\/p>\n<p>I\u2019m not saying that a good consultant must be more skilled in marketing than in ISO 27001 or ISO 22301 \u2013 I\u2019m just saying that marketing skills and efforts should not be neglected, because without them your main expertise will never reach the clients.<\/p>\n<h2>Focus on what\u2019s the best for the client<\/h2>\n<p>In this article I wanted to present the prerequisites for becoming a consultant \u2013 the methods for delivering the ISO 27001 or ISO 22301 project wouldn\u2019t fit in this article. For the implementation steps you should read these articles: <a title=\"ISO 27001 implementation checklist\" href=\"https:\/\/advisera.com\/27001academy\/knowledgebase\/iso-27001-implementation-checklist\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 27001 implementation checklist<\/a>\u00a0and <a title=\"17 steps for implementing ISO 22301\" href=\"https:\/\/advisera.com\/27001academy\/knowledgebase\/17-steps-for-implementing-iso-22301\/\" target=\"_blank\" rel=\"noopener noreferrer\">17 steps for implementing ISO 22301<\/a>.<\/p>\n<p>But in the end, remember that reputation is what will bring you new clients. Make sure that everything you do, you do it in the best interest of a client \u2013 you shouldn\u2019t recommend some new technology to a client only because you have a partner selling it; you shouldn\u2019t hold back some information only to have your client use your services later on. 
What you should do is protect your client\u2019s interest and exceed their expectations.<\/p>\n<p>Once clients realize your integrity and capability, they will start recommending you \u2013 and this is where your career will take off.<\/p>\n<p><em>To learn all the requirements for becoming an ISO 27001 consultant, visit this free online course:<\/em> <a title=\"ISO 27001 Lead Implementer course\" href=\"https:\/\/advisera.com\/training\/iso-27001-lead-implementer-course\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 27001 Lead Implementer course<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you are thinking about a career change, becoming an independent consultant for ISO 27001\u00a0and\/or ISO 22301\u00a0certainly sounds like an attractive option. But what do you need to know, and what do you need to have to start your own consultancy? To become a respected ISO 27001\/ISO 22301 consultant, you need: ISO 27001\/ISO 22301 certificates &#8230;<\/p>\n","protected":false},"author":26,"featured_media":80078,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[136,380,381],"class_list":["post-4504","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-consulting","tag-iso-22301","tag-iso-27001"],"acf":[],"_links":{"self":[{"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/posts\/4504","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/users\/26"}],"replies":[{"embeddable":true,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/comments?post=4504"}],"version-history":[{"count":3,"href":"https:\/\/advisera.com\/27001academ
y\/wp-json\/wp\/v2\/posts\/4504\/revisions"}],"predecessor-version":[{"id":105296,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/posts\/4504\/revisions\/105296"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/media\/80078"}],"wp:attachment":[{"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/media?parent=4504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/categories?post=4504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/tags?post=4504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}