I am looking for a document framework for the ISO 27001 standard. Has anyone found a good and reputable resource with templates for the required minimum documentation of a certified ISMS? 

Security & GRC
3.7k viewscircle icon3 Upvotescircle icon3 Comments
Sort by:
Chief Information Security Officer in Healthcare and Biotech2 years ago

I used the https://www.iso27001security.com/html/toolkit.html 

Senior Information Security Manager in Software2 years ago

Try https://www.iso27001security.com/

Strategic Banking IT advisor in Banking2 years ago

Hi!

I once bought a template (not for 27001 however) from this site:

https://www.itgovernanceusa.com/shop/category/itgp-toolkits

They were inexpensive and did the job for my purpose.   

There's also a website with free templates :

https://www.iso27001security.com/html/toolkit.html

I hope it could help.

Steve

Lightbulb on1

Content you might like

What steps do you typically take when you notice a security team member becoming less and less engaged? How do you approach them to diagnose/address the issue?

Read More Comments

Have you evaluated any “AI native” data security platforms so far (like Concentric AI, Normalyze, etc)? Interested to know your thoughts on these, whether or not you move forward with implementing.

Do you think your board/executive leadership understands cybercrime as an industry in itself?

Yes39%

Some but not all54%

No6%

I don’t know

View Results

How vulnerable is the real estate industry to cyberattacks?

As vulnerable as tech sector37%

Less vulnerable than tech sector52%

Not vulnerable5%

Don't know3%

View Results

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?