ISO 27001 Templates Toolkit: Consultant Edition 2022

5 out of 5 based on 5 customer ratings
(5 customer reviews)

$122.29 / month$1,027.26

Clear

You are an information security professional implementing ISO 27001 for clients and you want the tools to do the job. Rather than spend your time keeping pace with changes and working on your own documents you would rather work billable time. 

Sure, you are sceptical about templates. We would be too. That is why we give you  Our 100% No-Risk Money Back Guarantee.

  • Keep pace with changes to the standards with zero effort
  • Fully meets ISO 27002:2022 – get your clients ready, perform gap analysis, implement the new Annex A
  • Unlimited Use Licence – use on all your clients
  • Designed for consultants by consultants
  • Benefit from updates and continual improvement from feedback from thousands of implementations 
  • 12 Months of Updates, New Templates, Changes to the Standards
SKU: ISO27001POL001 Category:

ISO 27001 Toolkit Consultant Edition Advert

The Professional’s Information Security Management System


I built The ISO 27001 Templates Toolkit to save consultants time developing an ISMS and keeping pace with changes.

As a consultant you want to spend your time working clients and billable time.

The ISO 27001 Toolkit is everything you need for a client ISO 27001 implementation. It includes the complete information security management system, the ISO 27001 gap analysis and audit toolkit, the complete pack of required ISO 27001 policies pre written for you and as a bonus the Business Continuity Toolkit aligned with ISO 22301.

The ISO 27001 Toolkit gives you both control sets of ISO 27002:2013 and ISO 27002:2022. Whether you are getting your clients ready or wanting to future proof your implementations, why spend time updating your templates when we have done the hard work for you?

I am Stuart Barker and I have been in Governance Risk and Compliance for over 20 years working in some of the worlds largest, and smallest, organisations. The toolkit is born of that experience. It is used today by consultants and information security professionals around the globe.

ISO 27001 Templates Toolkit Contents


You are going to get the complete information security management system, every document, policy, template and process on the store plus bonus content. You are going to get a comprehensive step by step video guide to implementing ISO 27001 with real world, practical insights.

You also have up to an hour of my time for free, 1 to 1.

You get 12 months of access to all updates, changes and future templates we create.

Included:

ISO 27001 Templates Toolkit Consultant Edition

Save months of work and effort creating, updating and adapting your Information Security Management System.

Easily keep paces with changes to the standards. Let us take care of the updates.
ISO 27001 Audit Toolkit ISO 27001 Policy Templates Consultant Edition

Conduct effortless ISO 27001 Gap Analysis and Internal Audits with ease.

Audit against the ISO 27001:2013 control set for current sets and get your clients ready with the ISO 27002:2022 control set.
ISO 27001 Policy Templates Consultant Edition

29 pre written information security policies that you can deploy into clients in a matter of hours not days showing you exactly what you need to do.

Policies that meet multiple information security standards and pass audits.
Business Continuity Templates Toolkit Consultant Edition

Protect your clients with the complete business continuity toolkit aligned to and meeting ISO 22301.

You are going to get over 50 documents, policies, templates and processes with step by step, easy to follow guides and video walk throughs of key documents. This is everything on the store PLUS bonus content. We have included a pre-popluated and direct mapping of The ISO 27001 standard to the templates to show you exactly how it meets the requirements and which control the documents satisfy .

  • Organisation Overview
  • Context of Organisation
  • Documented ISMS Scope
  • Legal and Contractual Requirements Register
  • Physical Assets Register
  • Data Asset Register
  • Statement of Applicability
  • Competency Matrix
  • Information Classification Summary
  • Information Security Management System Document Tracker
  • ISMS RASCI Table
  • Management Review Team Meeting Agenda – Template
  • Audit Plan
  • Communication Plan
  • Incident and Corrective Action Log
  • Risk Management Procedure
  • Risk Register without Residual Risk
  • Risk Register with Residual Risk
  • Third Party Supplier Register
  • Training and Awareness – The Governance Framework
  • Training and Awareness – Introduction to Information Security
  • The Information Security Management System document
  • Information Security Roles Assigned and Responsibilities
  • Easy to follow step by step guide – How to Conduct an Internal Audit
  • The ISO 27001 ISMS 114 Controls – audit work sheet
  • The ISO 27002:2013 Annex A  – audit work sheet
  • The ISO 27002:2022 Annex A  – audit work sheet
  • Management Audit Report
  • Audit Meeting Template
  • Audit 12 Month Planner 
  • Data protection Policy
  • Data Retention Policy 
  • Information Security Policy 
  • Access Control Policy 
  • Asset Management Policy 
  • Risk Management Policy 
  • Information Classification and Handling Policy 
  • Information Security Awareness and Training Policy 
  • Acceptable Use Policy 
  • Clear Desk and Clear Screen Policy 
  • Mobile and Teleworking Policy 
  • Business Continuity Policy 
  • Backup Policy 
  • Malware and Antivirus Policy 
  • Change Management Policy 
  • Third Party Supplier Security Policy 
  • Continual Improvement Policy
  • Logging and Monitoring Policy 
  • Network Security Management Policy
  • Information Transfer Policy 
  • Secure Development Policy 
  • Physical and Environmental Security Policy 
  • Cryptographic Key Management Policy 
  • Cryptographic Control and Encryption Policy 
  • Document and Record Policy
  • Significant Incident Policy and Collection of Evidence and
  • Patch Management Policy
  • Business Continuity Policy
  • Business Impact Assessment
  • Business Impact Analysis Executive Summary
  • Business Continuity Objectives and Strategy
  • Business Continuity Plan
  • Business Continuity Incident Action Log
  • Post Incident Review Form
  • Business Continuity Disaster Scenarios
  • Ref Example – High Table Business Continuity Plan – our business continuity plan as example
  • Ref Example – Disaster Recovery Exercise 2021 – our business continuity test as example

Reviews from industry professionals


ISO 27001 Toolkit Consultant Edition Advert 2

ISO 27001 Requirement Met


Mapping the standard to the templates.

CLAUSE CONTROL TEMPLATES
ISO 27001 Clause 4.1 Understanding the organisation and its context Context of Organisation
ISO 27001 Clause 4.2 Understanding the needs and expectations of interested parties Context of Organisation
ISO 27001 Clause 4.3 Determining the scope of the information security management system Documented ISMS Scope
ISO 27001 Clause 4.4 Information security management system The Information Security Management System
ISO 27001 Clause 5.1 Leadership and commitment Organisation Overview describes the business and its objectives and mission and values.

The Information Security Management System sets out the information security objectives. These are managed and reviewed at the Management Review Team meeting which is documented in Information Security Roles Assigned and Responsibilities.

Information security policies are in place in line with the standard.

Information Security Policy sets out the objectives and the senior leadership commitment statement.

Information Security Roles Assigned and Responsibilities sets out the roles and responsibilities with allocated resource.

ISMS Annex A Controls – Accountability Matrix assigns responsibility for each ISO 27002 / Annex A Control

Information Security Awareness and Training Policy sets out training and awareness

Communication Plan sets out the communications for the year across media and approaches

The Management Review Team meeting agenda covers the requirements of the standard.

A program of internal audit is conducted and document: Audit Plan sets out the audit plan for the year.

Continual Improvement Policy sets out the continual improvement approach.

Incident and Corrective Action Log captures and manages the corrective actions.

Competency Matrix captures the core competencies and training requirements of staff in relation to information security.

ISO 27001 Clause 5.2 Policy Information Security Policy is the main information security policy and is part of a framework of policies. It includes the Information Security Objectives. It includes the requirements to meet legal and regulatory obligations. It includes a commitment to continual improvement.

Legal and Contractual Requirements Register sets out the legal, regulatory and contractual obligations

Continual Improvement Policy sets out the continual improvement policy.

The information security management system and associated documents are available electronically to the organisation based on the persons role and business need.

Communication Plan sets out the communications for the year across media and approaches

Documents are available to interested parties based on Non Disclosure Agreements and Contracts being place.

Policies provided:

Data protection Policy
Data Retention Policy 
Information Security Policy 
Access Control Policy 
Asset Management Policy 
Risk Management Policy 
Information Classification and Handling Policy 
Information Security Awareness and Training Policy 
Acceptable Use Policy 
Clear Desk and Clear Screen Policy 
Mobile and Teleworking Policy 
Business Continuity Policy 
Backup Policy 
Malware and Antivirus Policy 
Change Management Policy 
Third Party Supplier Security Policy 
Continual Improvement Policy
Logging and Monitoring Policy 
Network Security Management Policy
Information Transfer Policy 
Secure Development Policy 
Physical and Environmental Security Policy 
Cryptographic Key Management Policy 
Cryptographic Control and Encryption Policy 
Document and Record Policy
Significant Incident Policy and Collection of Evidence Policy
Patch Management Policy
ISO 27001 Clause 5.3 Organisational roles, responsibilities and authorities Information Security Roles Assigned and Responsibilities sets out the roles and responsibilities with allocated resource.

The Management Review Team meeting agenda covers the requirements of the standard.

Competency Matrix captures the core competencies and training requirements of staff in relation to information security.

Management Review Team is documented in the document: Information Security Roles Assigned and Responsibilities and has responsibility for overseeing the Information Security Management System. This group reports to the board and has board representation and certain board designated authority for decision making. The Management Review Team meeting at least quarterly and follow the agenda as defined in the standard.
ISO 27001 Clause 6.1.1 Planning General Risk Management Policy and Risk Management Procedure describe the risk management process.

Risk Register captures, manages and reports risks. These are reported to and overseen by the Management Review Team meeting.

Risk Management is part of the Continual Improvement Policy and process

Continual improvement is managed, tracked and reported using Incident and Corrective Action Log
ISO 27001 Clause 6.1.2 Information security risk assessment There is a risk management process in place and documented.

Risk Management Policy and Risk Management Procedure describe the risk management process.

Risk Register captures, manages and reports risks.
ISO 27001 Clause 6.1.3 Information security risk treatment There is a risk management process in place and documented.

Risk Management Policy and Risk Management Procedure describe the risk management process.

Risk Register captures, manages and reports risks.

All controls required are assessed and document in the Statement of Applicability

Statement of Applicability describes the applicability of controls and why they are / are not applicable.

A Risk Treatment Plan guidance is documented in the Risk Register

Residual risk acceptance is recorded in the risk register and via Management Review Team meeting and standing agenda with minutes.

Risk Owners and Treatment Owners are identified in the Risk Register
ISO 27001 Clause 6.2.1 Information security objectives and planning to achieve them The Information Security Management System describes the information security objectives and the process and roles and responsibilities.

The Information Security Policy sets out the information security objectives in policy form.

Communication Plan sets out the communications for the year across media and approaches

Documents are updated as part of the Continual Improvement Policy and process and evidence as signed of by the Management Review Team
ISO 27001 Clause 7.1 Resources Information Security Roles Assigned and Responsibilities sets out the roles and responsibilities with allocated resource.

ISMS Annex A Controls – Accountability Matrix assigns responsibility for each ISO 27002 / Annex A Control
ISO 27001 Clause 7.2 Competence Competency Matrix captures the core competencies and training requirements of staff in relation to information security.

Information Security Roles Assigned and Responsibilities sets out the roles and responsibilities with allocated resource.

ISMS Annex A Controls – Accountability Matrix assigns responsibility for each ISO 27002 / Annex A Control
ISO 27001 Clause 7.3 Awareness Competency Matrix captures the core competencies and training requirements of staff in relation to information security.

Communication Plan sets out the communications for the year across media and approaches

Information Security Awareness and Training Policy sets out the training and awareness requirements

All policies include a statement on non conformance.

Grievance and disciplinary policy and processes are needed to be in place.

Employment contracts and third party contracts need to include coverage of information security requirements.
ISO 27001 Clause 7.4 Communication Communication Plan sets out the communications for the year across media and approaches. It lays out what, when, who and how and records evidence.
ISO 27001 Clause 7.5.1 Documented information General The information security system is in place and evidenced and is high level described in document: The Information Security Management System. Documents as described per each control.
ISO 27001 Clause 7.5.2 Creating and updating Document and Record Policy

Documents appropriate to the organisation and evidenced as having the mark up included

Documents are reviewed and signed of by the Management Review Team and evidenced as such.

Documents are updated in line with Continual Improvement Policy and the continual improvement process
ISO 27001 Clause 7.5.3 Control of documented information Documents stored and accessible appropriate to the organisation.

Version control and document history in place.

Documents retained and disposed in line with the Data Retention Policy.
ISO 27001 Clause 8.1 Operational planning and control The information security management system and associated processes are evidenced as being in place.

Documents and version control are in place. Audit Plan kept for a minimum of 1 year in line with the Data Retention Policy

Change Management Policy 

Third Party Supplier Security Policy 

Third Party Supplier Register is in place with periodic reviews needed based on criticality, risk and business need.
Current in date contracts are needed to be in place for all key suppliers.
ISO 27001 Clause 8.2 Information security risk assessment There is a risk management process in place and documented.

Risk Management Policy 

Risk Register

All controls required are assessed and document in the Statement of Applicability

Risk assessment is performed at points of significant change on introduction of new technology and at least annually.

Risk Meeting Minutes in place.
ISO 27001 Clause 8.3 Information security risk treatment There is a risk management process in place and documented.

Risk Management Policy 

Risk Register

All controls required are assessed and document in the Statement of Applicability

Risk assessment is performed at points of significant change on introduction of new technology and at least annually.

Risk Meeting Minutes in place.

Risk assessment is needed to be performed at points of significant change on introduction of new technology and at least annually.
ISO 27001 Clause 9.1 Monitoring, measurement, analysis and evaluation The Information Security Management System sets out the objectives.

These are managed and reviewed at the Management Review Team meeting which is documented in the document: Information Security Roles Assigned and Responsibilities.

The agenda template covers the requirements of the standard and is seen to be in operation in the meeting minutes.

A program of internal audit is conducted and document: Audit Plan sets out the audit plan for the year.

Continual Improvement Policy sets out the continual improvement policy.

Incident and Corrective Action Log captures and manages the corrective actions.
ISO 27001 Clause 9.2 Internal audit The ISO 27001 Audit Toolkit provides everything that is needed.

Easy to follow step by step guide – How to Conduct an Internal Audit
The ISO 27001 ISMS 114 Controls – audit work sheet
The ISO 27002:2013 Annex A  – audit work sheet
The ISO 27002:2022 Annex A  – audit work sheet
Management Audit Report
Audit Meeting Template
Audit 12 Month Planner 
ISO 27001 Clause 9.3 Management review The Management Review Team which is documented in the document: Information Security Roles Assigned and Responsibilities meets at least quarterly.

Document: Management Review Team Meeting Agenda, the agenda template covers the requirements of the standard
ISO 27001 Clause 10.1 Nonconformity and corrective action A non conformity occurs as a result of audit, incident or observation.

A program of internal audit is conducted and document: Audit Plan sets out the audit plan for the year.

Continual Improvement Policy sets out the continual improvement policy.

Incident and Corrective Action Log captures and manages the corrective actions.

Management Review Team oversees non conformity and corrective action as part of standing agenda
ISO 27001 Clause 10.2 Continual improvement Continual Improvement Policy sets out the continual improvement policy. A process of continual improvement is in place.

ISO 27001

 

Meets the requirements of ISO 27001 and the complete information security management system.

Compatible with ISO 27002:2022

Compatible with ISO 27002:2013

Includes Mandatory Documents and Mandatory Policies

Quick Look


ISO 27001 Templates Toolkit Consultant Edition Icons

Stuart Barker - ISO 27001 Templates Toolkit Consultant Edition

We’d Be Sceptical Too

As a consultant we know you are good at what you do. We also know that creating templates to work on clients is time consuming and often confusing.

We have been doing this for over 20+ years. All of our templates have been through hundreds of audits. They have been worked on buy some of the best minds in the industry.

Are they perfect? Nearly.

They are the tools of our trade. They are downloaded by professionals just like you, every day, across the globe.

You could spend your time working billable time, or you could spend your time doing it your own way.

Why not let us give you that boost.

Meet the team behind the ISO 27001 templates

Practitioners for over 20 years in Governance, Risk and Compliance. These are the ISO 27001 tools we use day in day out.

High Table ISO 27001 Templates Toolkit Consultant Edition

ISO 27001 Templates Toolkit Contents

You are going to get over 50 documents, policies, templates and processes with video walk throughs of key documents. This is everything on the store PLUS bonus content. We have included a pre-popluated and direct mapping of The ISO 27001 standard to the templates to show you exactly how it meets the requirements and which control the documents satisfy .

Included and not available on the store:

  • Video Guides on key documents
  • Access to us as industry practitioners of over 20 years
  • Training and Awareness – The Governance Framework
  • Training and Awareness – Introduction to Information Security
  • The Information Security Management System document
  • Information Security Roles Assigned and Responsibilities
  • Incident and Breach Reporting Form
  • Guide: How to conduct internal audits
  • Guide: How to deploy and implement policies
  • Context of Organisation Tutorial Videos
  • Role based access documentation
    • 1 How To – Access Control and Role Based Access
    • 2 Role Based Access Control
    • 3 Access Review Log
    • 4 Access Request Form
    • 5 Starter Leaver Mover – System Access Process
  • Business Continuity Disaster Scenarios
  • Ref Example – High Table Business Continuity Plan – our business continuity plan as example
  • Ref Example – Disaster Recovery Exercise 2021 – our business continuity test as example

Can I use The ISO 27001 Toolkit for more than 1 business? For my clients?

Answer: Yes. The ISO 27001 Templates Toolkit: Consultant Edition 2022 includes unlimited business license.

What format is ISO 27001 Templates Toolkit: Consultant Edition 2022 in?

Answer: The templates are in Microsoft Office format, Microsoft Word and Microsoft Excel

Do you provide training on the ISO 27001 Templates Toolkit: Consultant Edition 2022 ?

Answer: Yes. We can offer you up to 1 hour of free time to show you how to use it and how it hangs together. Extra training is available based on what you need for a small fee.

Who are you and how do I know the ISO 27001 Templates Toolkit: Consultant Edition 2022 is any good?

Answer: The author is Stuart Barker who has been in governance risk and compliance for over 20 years. He has worked for some of the worlds largest organisations, and some of the smallest. He built and sold a cyber security consultancy and actively consults on ISO 27001 today. You can check out / stalk or connect with Stuart here https://www.linkedin.com/in/stuartabarker/

Is there a portal version of the ISO 27001 Templates Toolkit: Consultant Edition 2022?

Answer: No, we do not support portals. There are too many downsides to portals from ongoing costs, training, ambiguity on where the data is and how secure it is … the list is endless. The disadvantages far out way any benefits for what is a glorified document storage solution akin to One Drive or Dropbox. For small business and professionals we do not see any benefit in portals. We are not in the market of reselling services people do not need.

Pay

Upfront Payment – £839.92 ( Save 30% ), Pay Monthly – £99.99

Customer reviews

Rated 5 out of 5 stars
5 reviews
4 stars 0
3 stars 0
2 stars 0
1 star 0

5 reviews for ISO 27001 Templates Toolkit: Consultant Edition 2022

Add a review

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Secure Payments

Powered by Stripe - black
Apple Pay at High Table
Visa at High Table
Mastercard at High Table
American Express at High Table

As Seen On

As see on at High Table
Shopping Cart