I am looking for a document framework for the ISO 27001 standard. Has anyone found a good and reputable resource with templates for the required minimum documentation of a certified ISMS? 

3.3k views3 Upvotes3 Comments

Strategic Banking IT advisor in Banking, 10,001+ employees

I once bought a template (not for 27001 however) from this site:


They were inexpensive and did the job for my purpose.   

There's also a website with free templates :


I hope it could help.

Senior Information Security Manager in Software, 501 - 1,000 employees
Try https://www.iso27001security.com/
Chief Information Security Officer in Healthcare and Biotech, 1,001 - 5,000 employees
I used the https://www.iso27001security.com/html/toolkit.html 

Content you might like

Data security51%

Shared resources/services35%


Other: please specify.1%


2.4k views5 Upvotes1 Comment

Yes - Maine did the right thing. There are too many security risks with free versions of these tools. Not enough copyright or privacy protections of data.31%

No, but.... - You must have good security and privacy policies in place for ChatGPT (and other GenAI apps). My organization has policies and meaningful ways to enforce those policies and procedures for staff.52%

No - Bans simply don't work. Even without policies, this action hurts innovation and sends the wrong message to staff and the world about our organization.13%

I'm not sure. This action by Maine makes me think. Let me get back to you in a few weeks (or months).3%


9.5k views9 Upvotes1 Comment

CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
46.6k views133 Upvotes324 Comments