Thursday 30 March 2023

ISO 27001 templates and services on sale


For organisations planning to implement ISO/IEC 27001 for the first time, the standard's requirements can be confusing, especially given the amount of dubious advice available on the web. For instance, one issue that crops up frequently on the ISO27k Forum and here on the blog is that the information security controls in Annex A of the standard are not required - in fact, they are not even recommended or suggested, despite what some non-experts advise. Annex A is provided as a checklist, a prompt to ensure we have considered a wide range of information risks.

The standard's main body clauses, in contrast, formally specify the functional requirements for an Information Security Management System. In order for an organisation to be certified, the ISMS must be designed to fulfil the specified requirements, and must be operational, managing whatever information security controls and other treatments are appropriate given the organisation's information risks. 

In short, implementing '27001 is not a simple box-ticking compliance exercise. 

This Easter, we are offering:
  • ISMS Launchpad - a complete set of templates for all the essential ISMS documents such as the scope, Risk Treatment Plan, Statement of Applicability and a corporate information security policy (on sale at US$239, normally $399). Every certified organisation needs these docs, at least.
  • ISMS Take-off - further discretionary materials written specifically to inform and motivate managers on governance, strategy, policy and assurance topics, elaborating on the business value of all this. Getting managers truly on-board with the ISMS makes a huge difference to its success and longevity. (normally $475, now $237)
  • ISMS Orbit - more detailed/technical materials supporting IT, information risk, security, compliance and assurance professionals. Specialists who appreciate the concepts behind information risk and security management are more inclined to support and enable it ($237, down from the usual $475).
  • ISMS Mission - a special value bundle containing all the above (a best-seller at just $895).
  • Creative awareness and training materials for employees, managers and specialists covering a variety of information risk and security topics ($64 per module). Either make the effort to bring everyone up to speed or delude yourself that your cyber security controls will magically compensate for their ignorance, ineptitude and carelessness. [Hinson tip: browse the headlines for ample evidence that incantations and lucky crystals are not the answer.]

Aside from providing the templates, I would be happy to support you through the entire process, from convincing your management to proceed with the ISMS design and implementation through to its certification and beyond, into maturity. Please email me Gary@isect.com to discuss remote consultancy support, mentoring and pragmatic advice as you design, implement and operate an ISO 27001 ISMS. The odd hour of my time here and there, and perhaps a few days for a gap analysis, management review, internal audit or management briefing, will keep you on the right lines, exploiting viable short cuts while guiding you cautiously around the many crevasses. 
