Documenting your information security management system (ISMS) is mandatory for ISO27001 certification and is incredibly important for any successful implementation, but it is often the hardest thing to complete.
IT Governance, the leading provider of information security, risk management and compliance products and services, has recently released the ISO27001:2013 ISMS Standalone Documentation Toolkit. This toolkit is complete with pre-written policies and procedures designed to save you time, money, and unnecessary hassle. Auditors recognize these templates as fit-for-purpose, and they will benefit any type and size of organisation implementing an ISMS in line with ISO27001.
Below is a breakdown of all the documents provided in the ISO27001 toolkit.
– 7 x policies – Researching, creating, developing, and receiving approval for a policy can take up to 3 solid days.
– 55 x procedures – Developing and receiving approval for a procedure can take 2-3 solid days.
– 23 x work instructions – Time to develop a work instruction: 1 day.
– 25 x records – Time to create a record template: 1 day,
– Guidance documents
– Blank templates
– Project tools
Based on IT Governance’s experience of ISMS implementation, they estimate that this toolkit could save you up to 250 working days – a year’s work – over the course of a project. More importantly, the system you end up with will be robust and compliant with ISO27001.
The ISO27001:2013 ISMS Standalone Documentation Toolkit has helped hundreds of organizations reach ISO27001 certification cost-effectively and in considerably less time than creating the documents from scratch.
To find out more about this toolkit, visit IT Governance >>
About IT Governance
IT Governance is a unique organisation. It sources, creates and delivers products and services to meet the evolving IT governance needs of today’s organisations, directors, managers and practitioners. The company’s objective is to be the one-stop-shop for comprehensive corporate and IT governance information, advice, guidance, books, tools, training and consultancy.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.