LRQA ISO 27001 Certification Cost: Lloyd's Register Spinoff Read

LRQA was the management-systems certification arm of Lloyd's Register, the British classification society founded in 1760 to assess the seaworthiness of merchant vessels for insurance underwriting. The Lloyd's Register name carried 260+ years of maritime trust infrastructure and that heritage shaped LRQA's reputation in maritime, oil-and-gas, energy, and heavy-industry management-system certification. In 2021 Lloyd's Register sold the LRQA business to Goldman Sachs Asset Management Private Equity, and the certification body has operated as a standalone entity under the LRQA brand since.

The implication for buyers: the Lloyd's Register name is licensed for legacy reference (some marketing materials still reference the heritage explicitly) but the operational entity is private-equity-owned and run with a growth mandate. The investment thesis post-spinoff has been capacity expansion in information security, sustainability assurance (ISO 14001, GHG verification), and emerging schemes (ESG, supply-chain integrity). The auditor pool for ISO 27001 specifically has grown materially over 2022 to 2026 as a result of this investment, narrowing the historical gap with BSI in tech and SaaS auditor depth.

LRQA is accredited by UKAS in the UK, ANAB in the US, JAS-ANZ in Australia and New Zealand, and equivalent national accreditation bodies across 120+ operating geographies. The international accreditation footprint is competitive with Bureau Veritas and SGS. Service detail is published at lrqa.com/iso-27001.

LRQA uses the IAF MD 5 audit-day calculation as the base. The day-rate band sits at the lower end of the premium tier: $1,800 to $2,300 per day in the US, GBP 1,100 to 1,500 per day in the UK, and EUR 1,200 to 1,700 per day in mainland Europe. The day-rate band is slightly tighter than BSI's, with less geographic dispersion. The realistic posture for a buyer is that the rack-rate quote will discount 5 to 12 percent on a three-year programme commitment and a further 5 to 10 percent on a multi-framework bundle, particularly when ISO 22301 or ISO 14001 is added to the bundle.

The integrated audit pricing is the distinctive editorial pivot for LRQA. The Lloyd's Register heritage gave the certification body deep business-continuity-management expertise; an integrated ISO 27001 plus ISO 22301 audit through LRQA typically prices at 70 to 78 percent of the sum of two standalone audits, saving 22 to 30 percent. The integrated audit also tightens the implementation work because the ISO 27001 controls related to business continuity (Annex A.5.29 information security during disruption, A.5.30 ICT readiness for business continuity) get assessed once rather than twice with overlapping evidence demands.

Retainer engagements are uncommon for ISO 27001 at LRQA, as at the other premium-tier bodies. The standard engagement is a quoted-fee Stage 1 + Stage 2 audit in year one, surveillance audits at 30 to 33 percent of the initial audit fee in years two and three, and a full recertification audit in year four at approximately the initial fee level.

LRQA wins on three dimensions. First, integrated ISO 27001 plus ISO 22301 (business continuity management) audits: the historical Lloyd's Register expertise in BCM translates into an auditor pool that handles the integrated audit more efficiently than generalist bodies, with cost savings of 22 to 30 percent vs running the two schemes separately. Second, maritime, energy, oil-and-gas, and heavy-industry procurement: the Lloyd's Register heritage continues to carry weight in these sectors and the LRQA brand earns the engagement when the buyer recognises the lineage. Third, sustainability-assurance bundling: LRQA has invested heavily in ESG, GHG verification, and ISO 14001 capacity post-spinoff, making integrated information-security plus sustainability programmes more efficient.

For pure SaaS organisations whose buyers are US enterprise procurement teams, the LRQA brand carries less SaaS-specific resonance than Schellman ISO practice or A-LIGN ISO practice. Both Schellman and A-LIGN are recognised through their SOC 2 audit franchises in the US procurement workflow; LRQA is not, despite the equivalent accreditation chain and competitive pricing. For SaaS-only US engagements, the SaaS-specialist mid-tier bodies often deliver better procurement signal at lower cost.

For single-site organisations with no business-continuity-management programme, the LRQA differentiator (integrated audit, BCM expertise) is irrelevant, and the price will be comparable to BSI without the equivalent brand recognition. A single-site 50-person SaaS without BCM ambitions would typically be better served by NQA (SME tier, identical accredited certificate, 25 to 35 percent cheaper) or by BSI (premium brand recognition in enterprise procurement).

First, raise the integrated audit opportunity early. If you have any business-continuity-management requirement on the roadmap (regulatory, customer-driven, or internal-resilience-led), bundling ISO 22301 with ISO 27001 in a single LRQA audit programme is materially cheaper than two separate programmes and the LRQA auditor pool handles it well.

Second, ask about the sustainability-assurance bundle. LRQA's post-spinoff investment in ESG and GHG verification means they have packages that combine ISO 27001 with ISO 14001 or with GHG Protocol assurance at integrated-audit pricing. For organisations under pressure on both sustainability and information-security reporting, this is a more cost-efficient route than separate engagements.

Third, leverage the heritage where it matters. If your buyer recognises the Lloyd's Register lineage (maritime, energy, oil-and-gas, classic engineering procurement), the LRQA certificate carries trust-signal value that justifies the premium-tier price. If the buyer is pure SaaS procurement, the heritage is a marketing flourish without trust-signal value, and you should consider whether the price is justified.

Fourth, ask for the three-year programme quote with a frozen day rate against inflation. The Goldman Sachs ownership has put commercial pressure on annual rate increases; locking the rate for the certification cycle protects the year-two and year-three budgets from the 4 to 8 percent annual increase pattern observed across the premium tier in 2024-2026.