The materials have been donated by individuals with differing backgrounds, competence and expertise, working for a variety of organizations and contexts. They are models or templates, starting points if you will. Your information risks are unique, so it is incumbent on you to assess and treat your risks as you and your management see fit.
Link for Toolkit: ISO 27K Toolkit
The March 2023 release of the ISO27K Toolkit is a zip containing the following files:
- A listing of the ISO/IEC 27000 standards (2023) - ISO 27K ISMS 2
- A business case to convince your management that the business benefits of an ISMS far outweigh the costs, if they are not already sold on the idea - ISO 27K ISMS 4
- A single-page diagram summarizing the entire process of designing, developing, implementing and certifying an ISMS - ISO 27K ISMS 4.4
- A mandatory documentation checklist listing the ‘documented information’ explicitly required by ISO/IEC 27001:2022 - ISO 27K ISMS 4.4
- A white paper that expands on the ‘control attributes’ concept introduced in ISO/IEC 27002:2022, explaining how attributes can be used to specify, select and improve information security controls - ISO 27K ISMS 6.1
- A simple Excel spreadsheet with which to generate and record your Statement of Applicability - ISO 27K ISMS 6.1 SOA
- Material on ISO/IEC 27001:2022 clause 6.3, a new requirement that changes to the ISMS be managed; changes to IT assets, configurations, processes, controls, etc. are also generally worth managing to mitigate information risks that are unacceptable to the organization - ISO 27K ISMS 6.3
- A very succinct set of FAQs about ‘ISO 27001’: an example security awareness briefing for workers in general that you might like to use when initially implementing your ISMS - ISO 27K ISMS 7.3
- Guidance on how to handle being audited by ISMS internal auditors, certification auditors, IT auditors and the like - ISO 27K ISMS 7.3
- An ‘Intro and gap analysis email template 2022’, the text of a message to general managers about implementing an ISO27k ISMS - ISO 27K ISMS 7.4
- A simple Excel model to estimate how long it will take to implement a certifiable ISMS using ISO/IEC 27001 - ISO 27K ISMS 8.1
- An ‘Internal audit procedure 2022’ describing a typical process for conducting ISMS internal audits - ISO 27K ISMS 9.2
- An exercise/test for ISMS auditors - ISO 27K ISMS 9.2
- A simple agenda for a management meeting to discuss the findings of an ISMS management review - ISO 27K ISMS 9.3
- An ‘Information asset checklist 2022’: knowing which information assets might be at risk can be a useful basis for an ISMS, so here are some clues - ISO 27K ISMS A5.9
- ‘Professional services information security checklists 2022’, suggesting information security activities for the start, middle and end phases of professional services engagements in which valuable information is shared and created - ISO 27K ISMS A5.10
- A generic model policy covering the risks and controls relevant to business process outsourcing - ISO 27K ISMS A5.19
- A briefing on ISO27K controls for GDPR (2022): where information security and privacy requirements align, common controls may satisfy both - ISO 27K ISMS A5.34
- A ‘Security awareness and training policy 2023’ that mandates a rolling program of security awareness and training activities for the whole workforce - ISO 27K ISMS A6.3