Part 1. Implementation resources
1 | A Guide to Implementing the ISO-IEC 27001 Standard | 45 pages
2 | ISO27001 In Simple English | 19 pages
3 | ISO-IEC 27001 Toolkit V8 Completion Instructions | 5 pages
4 | ISO-IEC 27001 Toolkit V8 Release Notes | 1 sheet
5 | Information Security Management System PID | 20 pages
6 | ISO-IEC 27001 Benefits Presentation | 9 slides
7 | ISO-IEC 27001 Project Plan (Microsoft Project format) | 1 page
8 | ISO-IEC 27001 Project Plan (Microsoft Excel format) | 1 sheet
9 | ISO27001-17-18 Gap Assessment Tool - Requirements based | 25 sheets
10 | ISO-IEC 27001 Assessment Evidence | 2 sheets
11 | ISO-IEC 27001 Progress Report | 2 pages
12 | ISO27001-17-18 Gap Assessment Tool - Questionnaire based | 25 sheets
13 | Certification Readiness Checklist | 1 page

Part 2. Context of the organization
14 | Information Security Context, Requirements and Scope | 19 pages

Part 3. Leadership
15 | Information Security Management System Manual | 11 pages
16 | Information Security Roles, Responsibilities and Authorities | 17 pages
17 | Executive Support Letter | 4 pages
18 | Information Security Policy | 14 pages
19 | Meeting Minutes Template | 1 page

Part 4. Planning
20 | Information Security Objectives and Plan | 16 pages
21 | Risk Assessment and Treatment Process | 22 pages
22 | Asset-Based Risk Assessment Report | 13 pages
23 | Scenario-Based Risk Assessment Report | 13 pages
24 | Risk Treatment Plan | 11 pages
25 | Asset-Based Risk Assessment and Treatment Tool | 13 sheets
26 | Statement of Applicability | 4 sheets
27 | Scenario-Based Risk Assessment and Treatment Tool | 11 sheets
28 | Opportunity Assessment Tool | 6 sheets
29 | EXAMPLE Risk Assessment and Treatment Tool | 14 sheets

Part 5. Support of the ISMS
30 | Information Security Competence Development Procedure | 16 pages
31 | Information Security Communication Programme | 13 pages
32 | Procedure for the Control of Documented Information | 17 pages
33 | ISMS Documentation Log | 2 sheets
34 | Information Security Competence Development Report | 13 pages
35 | Awareness Training Presentation | 24 slides
36 | Competence Development Questionnaire | 3 sheets
37 | EXAMPLE Competence Development Questionnaire | 3 sheets

Part 6. Operation of the ISMS
38 | Supplier Information Security Evaluation Process | 17 pages

Part 7. Performance Evaluation
39 | Process for Monitoring, Measurement, Analysis and Evaluation | 13 pages
40 | Procedure for Internal Audits | 10 pages
41 | Internal Audit Plan | 10 pages
42 | Procedure for Management Reviews | 13 pages
43 | Internal Audit Report | 15 pages
44 | Internal Audit Schedule | 2 pages
45 | Internal Audit Action Plan | 1 page
46 | Management Review Meeting Agenda | 4 pages
47 | Internal Audit Checklist | 21 pages

Part 8. Improvement
48 | Procedure for the Management of Nonconformity | 10 pages
49 | Nonconformity and Corrective Action Log | 4 sheets
50 | EXAMPLE Nonconformity and Corrective Action Log | 4 sheets

Section A5. Security Policies
51 | Information Security Summary Card | 2 pages
52 | Internet Acceptable Use Policy | 11 pages
53 | Cloud Computing Policy | 9 pages
54 | Cloud Service Specifications | 12 pages

Section A6. Organisation of Information Security
55 | Segregation of Duties Guidelines | 12 pages
56 | Authorities and Specialist Group Contacts | 2 sheets
57 | Information Security Guidelines for Project Management | 14 pages
58 | Mobile Device Policy | 12 pages
59 | Teleworking Policy | 11 pages
60 | Segregation of Duties Worksheet | 1 sheet
61 | EXAMPLE Segregation of Duties Worksheet | 1 sheet
62 | EXAMPLE Authorities and Specialist Group Contacts | 2 sheets

Section A7. Human resources security
63 | Employee Screening Procedure | 10 pages
64 | Guidelines for Inclusion in Employment Contracts | 10 pages
65 | Employee Disciplinary Process | 12 pages
66 | Employee Screening Checklist | 1 page
67 | New Starter Checklist | 2 pages
68 | Employee Termination and Change of Employment Checklist | 3 pages
69 | Acceptable Use Policy | 10 pages
70 | Leavers Letter | 4 pages

Section A8. Asset Management
71 | Information Asset Inventory | 2 sheets
72 | Information Classification Procedure | 12 pages
73 | Information Labelling Procedure | 10 pages
74 | Asset Handling Procedure | 14 pages
75 | Procedure for the Management of Removable Media | 15 pages
76 | Physical Media Transfer Procedure | 11 pages

Section A9. Access Control
77 | Access Control Policy | 14 pages
78 | User Access Management Process | 19 pages

Section A10. Cryptography
79 | Cryptographic Policy | 12 pages

Section A11. Physical and environmental security
80 | Physical Security Policy | 11 pages
81 | Physical Security Design Standards | 14 pages
82 | Procedure for Working in Secure Areas | 9 pages
83 | Data Centre Access Procedure | 10 pages
84 | Procedure for Taking Assets Offsite | 12 pages
85 | Clear Desk and Clear Screen Policy | 9 pages
86 | Equipment Maintenance Schedule | 2 sheets

Section A12. Operations security
87 | Operating Procedure | 10 pages
88 | Change Management Process | 17 pages
89 | Capacity Plan | 11 pages
90 | Anti-Malware Policy | 13 pages
91 | Backup Policy | 9 pages
92 | Procedure for Monitoring the Use of IT Systems | 12 pages
93 | Software Policy | 10 pages
94 | Technical Vulnerability Management Policy | 12 pages
95 | Technical Vulnerability Assessment Procedure | 14 pages
96 | Information Systems Audit Plan | 13 pages
97 | EXAMPLE Operating Procedure | 16 pages

Section A13. Communications security
98 | Network Security Policy | 15 pages
99 | Network Services Agreement | 22 pages
100 | Information Transfer Agreement | 11 pages
101 | Information Transfer Procedure | 11 pages
102 | Electronic Messaging Policy | 12 pages
103 | Schedule of Confidentiality Agreements | 2 sheets
104 | Non-Disclosure Agreement | 11 pages

Section A14. System acquisition, development and maintenance
105 | Requirements Specification | 15 pages
106 | Secure Development Policy | 16 pages
107 | Principles for Engineering Secure Systems | 17 pages
108 | Secure Development Environment Guidelines | 11 pages
109 | Acceptance Testing Checklist | 14 pages

Section A15. Supplier relationships
110 | Information Security Policy for Supplier Relationships | 12 pages
111 | Supplier Information Security Agreement | 17 pages
112 | Supplier Due Diligence Assessment Procedure | 10 pages
113 | Supplier Due Diligence Assessment | 2 pages
114 | Cloud Supplier Questionnaire | 3 pages
115 | EXAMPLE Supplier Due Diligence Assessment | 2 pages

Section A16. Information security incident management
116 | Information Security Event Assessment Procedure | 13 pages
117 | Information Security Incident Response Procedure | 24 pages

Section A17. Information security aspects of business continuity management
118 | Business Continuity Incident Response Procedure | 35 pages
119 | Business Continuity Plan | 30 pages
120 | Business Continuity Exercising and Testing Schedule | 10 pages
121 | Business Continuity Test Plan | 12 pages
122 | Business Continuity Test Report | 14 pages
123 | Availability Management Policy | 10 pages

Section A18. Compliance
124 | Legal, Regulatory and Contractual Requirements Procedure | 11 pages
125 | Legal, Regulatory and Contractual Requirements | 2 sheets
126 | IP and Copyright Compliance Policy | 15 pages
127 | Records Retention and Protection Policy | 12 pages
128 | Privacy and Personal Data Protection Policy | 13 pages
129 | EXAMPLE Legal, Regulatory and Contractual Requirements | 2 sheets

The IT Toolkit has truly revolutionized our IT operations. It's the foundation of our SOPs, helps generate run books, reduces training costs, and boosts user satisfaction.
After implementing the IT Toolkit, we now have a well-organized IT plan that's professional and easy for everyone to access and use.
Our clients have responded positively. Even those who had information found ours better organized, making us more efficient and improving our IT management.
The toolkit offers a framework for best practices, ensuring that as practices evolve, our documentation system adapts seamlessly.
The IT Toolkit brings structure to documentation management, reducing the workload on engineers so they can focus more on clients. It's a game changer.
The IT Toolkit prevents duplicate entries and has replaced two other tools, making it much more effective and faster. Our engineers love it!
The IT Toolkit is incredibly easy to use with no ramp-up time. It's a straightforward process that gives clients control while simplifying their workflow.
The IT Toolkit has given me a better understanding of IT management efficiency and provides an easy, friendly way to improve our processes.
The toolkit has helped me organize my thoughts and training strategies with our IT team, making everything more streamlined.
Excellent IT Toolkit! It's essential for all CIOs and technology managers looking to enhance their operations.
A very useful toolkit, one of the best I've used. I wish every IT manager could benefit from it.
These toolkits have boosted my confidence and empowered me to grow as an IT Manager.