ISO 27001 Toolkit
Overview
  • Our DIY ISO 27001 toolkit is for those who wish to implement policies and procedures on their own.
  • The toolkit consists of templates with which you can conduct gap analysis, policy documentation, and audits.
  • It is a dynamic set of documents: it comes from our library, which is continuously updated based on our consulting engagements.
  • The toolkit delivery includes a dedicated session to explain how to use the kit and answer any questions you have. It also comes with Toolkit Q&A support.
  • We are sure you have questions. Kindly contact us to get started. In the session, we will give you a demo and inform you of the price.

Key features of ISO 27001 Toolkit
  • ISO 27001 has 123 requirements. The toolkit has content to support all management system requirements (Clause 4 to 10), and Annexure Controls (5 to 8), covering 123 addressable requirements.
  • The toolkit addresses all organizational functions

    We have mapped the controls to fit any organization structure. This consists of control distribution by teams such as Sales and Business Development, Top Management, Application Development, IT Operations, Cloud, Human Resources, Physical Security, Supplier Management, CISO and even Internal Audit.
  • How do you map all the controls with organizational teams?
    • As part of the toolkit, we provide a template for organization nominations. Using this, you can nominate members of the organization.
    • Controls are mapped to organization nominations. This means that if you nominate Alice as CISO and Bob for HR controls, then, using the template, Bob and Alice can see their applicable controls and the applicable policies that they need to implement.
ISO 27001 Toolkit Structure
Sample ISO 27001 Documents
Here are some sample ISMS documents to help you understand how the documentation
toolkit will eventually look.
ISO 27001 Requirement | Download Coral template | Guideline to use the documents
4.3 Scope

The organization shall determine the boundaries and applicability of the information security
management system to establish its scope.
When determining this scope, the organization shall consider:

a) the external and internal issues referred to in 4.1;
b) the requirements referred to in 4.2;
c) interfaces and dependencies between activities performed by the organization, and those that are performed by other organizations. (extract)

Using this document, define the scope of your ISMS. This helps to define the organisation, products and services, locations, employees and contractors, and the scope of your network.

4.4 Information security management system

The organization shall establish, implement, maintain and continually improve an information security management system, including the processes needed and their interactions, in accordance with the requirements of this document.

Using this document, you can create an annual plan that shows which ISMS compliance activities are planned across a financial year.

5.3 Organizational roles, responsibilities and authorities

Top management shall ensure that the responsibilities and authorities for roles relevant to information security are assigned and communicated within the organization.
Top management shall assign the responsibility and authority for:
a) ensuring that the information security management system conforms to the requirements of this document; (extract)

Using this document, you can define key roles. For each role, you define who is playing that role in the organisation.

6.1.3 Information security risk treatment

d) produce a Statement of Applicability (SOA) that contains:

The SOA is a design document that helps address several challenges in an ISMS program, such as a) applicable and not applicable controls, b) the risk owner for each control, and c) policy/procedure/technical references against each control.
