Policy Development Costs


Typical cost of developing an information security policy

Below we have set out the costs for developing one complete information security policy with a length of 100 pages. Our service provides access to thousands of pages of not only policies but standards, processes and more.

Ideally a technical writer and information security professional would be needed to develop information security documentation. Hourly rates for skilled information security professionals can range from anywhere between $80 to over $300 an hour and a technical writers between $50 and $100 an hour.

Security Policy/Standard/Process Development Cost = Policy Length (pages) x Time x Cost Per Hour

To make our point we will take a very conservative approach and assume that we got a bargain and hired a technical writer and information security consultant for a combined hourly fee of $120 an hour. To develop a draft 100 page ISO 27002 based information security policy it would take around 100+ hours for both a technical writer and information security consultant to complete. Generally speaking the total cost of development would depend on many factors so in this example we have used very conservative numbers.

Total time: 100 pages x 1 hour per page = 100 hours
Total cost: 100 hours x 120 per hour = $12,000.00

If we were to hire an information security consultant from a large consulting firm this number would look more like $20,000 to $30,000 depending on the your organization's requirements.

Estimated cost for security documentation maintenance

Developing the initial documentation is only part of the overall cost. All security documents must be reviewed and maintained to keep up-to-date. It is advised that the information security documentation be reviewed at least annually. Again here it can take up to a week of work to review all the policy documents for a typical mid-sized organization. If we use the same equation as before at $120 an hour for a technical writer and security consultant we would be looking at the figure below annually.

40 hours at $120 dollars an hour = $4,200.00

Again Security Bastion pays for itself many times over just on saved maintenance costs.