ISO 27001 Consultant Toolkit

Home / ISO 27001 Templates / ISO 27001 Consultant Toolkit

Is this the ISO27001 consultant shortcut you’ve been waiting for?

I won’t lie to you – this is going to blow your mind.

Make More Money As An ISO27001 Consultant

I’ve been in your position, and had to learn the ISO27001 certification process the hard way. So, I saw a gap in the market to accelerate consultants to ISO-Maestro level, in rapid time.

In the High Table ISO27001 Toolkit: Consultant Edition, I’ll share all the industry secrets and tips that will help you get your clients certified 10x faster, freeing up your time to onboard more clients, ultimately making more spondoolies. Thank me later.

What is an ISO27001 Consultant Toolkit?

An ISO27001 Consultant Toolkit provides resources to help ISO27001 Consultants get their clients ISO27001 Certified. It helps ISO27001 consultants fast track their client ISO27001 implementations and typically includes:

  • ISO27001 Policy Templates
  • ISO27001 Information Security Management System (ISMS) Templates
  • ISO27001 Implementation Guides
  • ISO27001 Training Videos
  • ISO27001 Walkthroughs

Why an ISO27001 Consultant Toolkit?

The biggest challenge I have faced in my career as an ISO27001 consultant and the biggest challenge that my information security agency had for client engagements was having a standard build. There is never enough time to come up with a definitive build, a definitive product that can be re-used and rolled out on each new client engagement.

We have all been there where typically a consultant will take their last client engagement, copy all of the files and then attempt to rebrand them to the new client. Inevitably this brings across the old clients name in documents, old client branding and tweaks that were introduced for that particular client that don’t make sense for everyone.

This approach has its place but there are so many downsides and the costs in time are through the roof. You spend more time on documentation that you do consulting.

The other option that consultants don’t take is to take time out of the business and attempt to build that generic product pack.

If you have tried, you will know how hard and time consuming that can be.

Especially if there are many consultants, all working differently, all with an opinion.

My answer was to take 6 months out after the sale of my last business and craft the perfect, generic, ISO27001 Consultant Toolkit.

Taking the time allowed me to create a toolkit that

  • Fully meets the requirements of the ISO27001:2022 Standard
  • Allows for seamless migration from ISO27001:2013 as needed
  • Includes a modular approach that meets specific consultant tasks
  • Allows consultants to do internal audits and client gap analysis with ease
  • Takes the best practice from hundreds of consultants and hundreds of engagements to create the ‘perfect’ toolkit

What are the benefits of the ISO27001 Consultant Toolkit?

The end result was a toolkit designed specifically for consultants that gave them the following benefits:

  • Takes the worry of updating documents away
  • Ensures documents are always updated with best practice from hundreds and thousands of consultants world wide
  • Keeps pace with changes to the standard and any updates to the standard without having to do any work
  • Gives a clean client build each time, every time
  • Has a proven track record of getting clients certified
  • Is streamlined, simple and easy to implement
  • Allows consultants to be more profitable by charging the same but vastly reducing the work load involved in delivery

ISO27001 Consultant Toolkit Pricing Models

When building the consultant toolkit it became apparent there are very few options on the market. The reason is pretty clear. No consultant is going to want to give away their secret sauce to other consultants, and not for what is at best a modest fee. So how can I do it? I can do it because in 2018 I sold my previous cyber security consultancy business and as result became very comfortable in life. I no longer have to consult of hustle. I can share my knowledge with you for free and give you the tools that made me succesful.

What I have seen is a rise in recurring revenue models. These models want consultants to act as the sales person for their product or service and they want a slice of the client pie as well. You are paying them to sell their products or services! How mad is that?

I knew there had to be a better way.

With simplicity in mind the approach I took was to charge a flat, one time, life time fee.

Sure I am probably leaving money on the table. Where others are concerned with volumes and numbers of clients and employees I just sell a consultant toolkit. One fee. One and done.

Do ISO27001 Consultants use ISO27001 Toolkits?

Yes. I started this journey two years ago as a test and learn. Try the market. See if there was interest. From day 1 the interest has been through the roof. ISO27001 Consultants from all backgrounds, with all levels of experience from all over the globe have purchased the ISO27001 Toolkit: Consultant Edition and successfully and profitably got their clients ISO27001 certified.

The feedback on the Google reviews alone is testament to how successful this is.

From one man bands to house hold consultancy names, to online SaaS Platforms (yes, they buy them too), to the Big 4.

I can say that the savvy ISO27001 consultants use the ISO27001 Toolkit and on the whole, they are out pacing and out performing their competitors.

What is the best ISO27001 Toolkit 2024?

The best ISO27001 toolkit for consultants in 2024 is the High Table ISO27001: Toolkit Consultant Edition.

With unlimited support, free updates, lifetime access, 1 to 1 consultation, weekly group Q and A sessions and Google 5 Star Reviews it is unrivalled in its value.

ISO27001 Toolkit Consultant Edition

What You’ll Get From The High Table ISO 27001 Toolkit: Consultant Edition

If all of this isn’t enough here’s what else you can expect from our unrivalled toolkit:

  • Cheat-sheets, articles and templates to help you get quick Accredited ISO 27001 certification for your clients.
  • The months you would have wasted writing your own policies and ISMS – SAVED and ready to dedicate to paying clients.
  • An easy-to-follow format that will teach you how to get your clients certified in weeks rather than months.
  • Expert status in a fraction of the time it would have taken you without this incredible toolkit.
  • Access to my famous ISO 27001 YouTube channel which is packed with FREE, helpful content to guide you through every single stage of the ISO 270001 process.
  • Expert guidance and advice, whenever you need it – from the #1 fastest growing ISO27001 company, globally.

It’s time to up your ISO 27001 game. Are you with me?

ISO 27001:2022 requirements

Organisational Controls - A5

ISO 27001 Annex A 5.1 Policies for information security

ISO 27001 Annex A 5.2 Information Security Roles and Responsibilities

ISO 27001 Annex A 5.3 Segregation of duties

ISO 27001 Annex A 5.4 Management responsibilities

ISO 27001 Annex A 5.5 Contact with authorities

ISO 27001 Annex A 5.6 Contact with special interest groups

ISO 27001 Annex A 5.7 Threat intelligence – new

ISO 27001 Annex A 5.8 Information security in project management

ISO 27001 Annex A 5.9 Inventory of information and other associated assets – change

ISO 27001 Annex A 5.10 Acceptable use of information and other associated assets – change

ISO 27001 Annex A 5.11 Return of assets

ISO 27001 Annex A 5.11 Return of assets

ISO 27001 Annex A 5.13 Labelling of information

ISO 27001 Annex A 5.14 Information transfer

ISO 27001 Annex A 5.15 Access control

ISO 27001 Annex A 5.16 Identity management

ISO 27001 Annex A 5.17 Authentication information – new

ISO 27001 Annex A 5.18 Access rights – change

ISO 27001 Annex A 5.19 Information security in supplier relationships

ISO 27001 Annex A 5.20 Addressing information security within supplier agreements

ISO 27001 Annex A 5.21 Managing information security in the ICT supply chain – new

ISO 27001 Annex A 5.22 Monitoring, review and change management of supplier services – change

ISO 27001 Annex A 5.23 Information security for use of cloud services – new

ISO 27001 Annex A 5.24 Information security incident management planning and preparation – change

ISO 27001 Annex A 5.25 Assessment and decision on information security events 

ISO 27001 Annex A 5.26 Response to information security incidents

ISO 27001 Annex A 5.27 Learning from information security incidents

ISO 27001 Annex A 5.28 Collection of evidence

ISO 27001 Annex A 5.29 Information security during disruption – change

ISO 27001 Annex A 5.31 Identification of legal, statutory, regulatory and contractual requirements

ISO 27001 Annex A 5.32 Intellectual property rights

ISO 27001 Annex A 5.33 Protection of records

ISO 27001 Annex A 5.34 Privacy and protection of PII

ISO 27001 Annex A 5.35 Independent review of information security

ISO 27001 Annex A 5.36 Compliance with policies and standards for information security

ISO 27001 Annex A 5.37 Documented operating procedures 

Technology Controls - A8

ISO 27001 Annex A 8.1 User Endpoint Devices

ISO 27001 Annex A 8.2 Privileged Access Rights

ISO 27001 Annex A 8.3 Information Access Restriction

ISO 27001 Annex A 8.4 Access To Source Code

ISO 27001 Annex A 8.5 Secure Authentication

ISO 27001 Annex A 8.6 Capacity Management

ISO 27001 Annex A 8.7 Protection Against Malware

ISO 27001 Annex A 8.8 Management of Technical Vulnerabilities

ISO 27001 Annex A 8.9 Configuration Management 

ISO 27001 Annex A 8.10 Information Deletion

ISO 27001 Annex A 8.11 Data Masking

ISO 27001 Annex A 8.12 Data Leakage Prevention

ISO 27001 Annex A 8.13 Information Backup

ISO 27001 Annex A 8.14 Redundancy of Information Processing Facilities

ISO 27001 Annex A 8.15 Logging

ISO 27001 Annex A 8.16 Monitoring Activities

ISO 27001 Annex A 8.17 Clock Synchronisation

ISO 27001 Annex A 8.18 Use of Privileged Utility Programs

ISO 27001 Annex A 8.19 Installation of Software on Operational Systems

ISO 27001 Annex A 8.20 Network Security

ISO 27001 Annex A 8.21 Security of Network Services

ISO 27001 Annex A 8.22 Segregation of Networks

ISO 27001 Annex A 8.23 Web Filtering

ISO 27001 Annex A 8.24 Use of CryptographyISO27001 Annex A 8.25 Secure Development Life Cycle

ISO 27001 Annex A 8.26 Application Security Requirements

ISO 27001 Annex A 8.27 Secure Systems Architecture and Engineering Principles

ISO 27001 Annex A 8.28 Secure Coding

ISO 27001 Annex A 8.29 Security Testing in Development and Acceptance

ISO 27001 Annex A 8.30 Outsourced Development

ISO 27001 Annex A 8.31 Separation of Development, Test and Production Environments

ISO 27001 Annex A 8.32 Change Management

ISO 27001 Annex A 8.33 Test Information

ISO 27001 Annex A 8.34 Protection of information systems during audit testing