I am looking for a document framework for the ISO 27001 standard. Has anyone found a good and reputable resource with templates for the required minimum documentation of a certified ISMS? 

Security & GRC
3.7k viewscircle icon3 Upvotescircle icon3 Comments
Sort by:
Chief Information Security Officer in Healthcare and Biotech2 years ago

I used the https://www.iso27001security.com/html/toolkit.html 

Senior Information Security Manager in Software2 years ago

Try https://www.iso27001security.com/

Strategic Banking IT advisor in Banking2 years ago

Hi!

I once bought a template (not for 27001 however) from this site:

https://www.itgovernanceusa.com/shop/category/itgp-toolkits

They were inexpensive and did the job for my purpose.   

There's also a website with free templates :

https://www.iso27001security.com/html/toolkit.html

I hope it could help.

Steve

Lightbulb on1

Content you might like

Who has the purchasing power at your organization when it comes to security?

CIO46%

CISO42%

Other C-suite individual (please specify)8%

Difficult to say.2%

View Results

How are you currently managing SIEM costs? Have you found effective ways to actually reduce storage costs for your SIEM?

Read More Comments

What do folks think of this ?
https://www.npr.org/2020/08/20/904113981/former-uber-executive-charged-with-paying-hush-money-to-conceal-massive-breach

Over reach by an aggressive prosecutor ?6%

UBERs prior CEO should be the one charged ?39%

This sort of payment/use of bug bounty happens routinely ?30%

CISOs/CSOs are now on notice for the actions they take ?16%

I am going to do a deep dive on my bug bounty program immediately ?2%

Most companies do some sort of breach coverup - especially when it comes to potential IP theft?4%

View Results

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Read More Comments

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?