You work for a small or medium company and you’d like to become compliant, but budget is always an issue. The ISO 27001 Documentation Toolkit from 27001 Academy is here to help. The Toolkit is available in several languages and will guide you through the whole process for a fraction of the cost of a consultant.
It’s important to note that I’m not an ISO 27001 expert. Still, I was curious to see what value the Documentation Toolkit could offer to someone who’s approaching this challenge for the first time.
Inside the Toolkit
The basis of the Documentation Toolkit is an extensive assortment of documents, arranged in the order you should follow during your implementation.
In order to help you stay organized, the Toolkit provides a “List of documents” file that outlines the documents that are mandatory according to the standard, and explains which documents cover which clauses from the standard. This file is your reference point, as it will enable you to quickly find the documents you need at all times.
If you’re a visual person, you’ll be glad to know the Toolkit also provides a diagram of the ISO 27001:2013 implementation process in PDF format for easy printing.
Depending on the size of your organization, you’ll have to write and structure a great many documents. A substantial portion of the documents included in the Toolkit are already filled in; you’ll just have to add the particulars of your company. To make things even simpler, the documents have a system in place that helps you understand what information is missing.
Since the standard doesn’t prescribe a set documentation format, you are free to change the documents quite a bit. However, if you’re in doubt about whether you’re allowed to delete something, I suggest you review the standard itself to see what’s allowed.
You’ll find it much easier to fill in the templates once you understand how they are structured. Thankfully, most of the included templates are structured in the same way (the exceptions are appendices and Excel files), and you’ll soon be able to discern the common elements.
Real support and guidance
If you’re having trouble getting your project off the ground and setting a scope, if you can’t find your way in the documentation, or if you’re not sure how to communicate the importance of this within your organization, you can get in touch with a resident expert through Skype or GoToMeeting, as this service is included in the price of your Toolkit.
Also, as your subscription starts, you’ll get the occasional email offering helpful information about how to work the Toolkit to your advantage. I found these to be a great additional resource as well as a motivational tool.
There’s one thing to keep in mind. While the Toolkit is available in English, Croatian, Dutch, German, Portuguese and Spanish, support and videos are available in English only.
Videos and webinars
With the Toolkit you get access to video tutorials and webinars that demonstrate how each document is supposed to be filled in. You can watch them as much as you want, whenever you need, for one year after the purchase of your Toolkit.
Included are video tutorials for writing the Procedure for Document and Record Control, Procedure for Internal Audit, Statement of Applicability, Risk Treatment Plan, Risk Assessment Methodology, Business Impact Analysis Methodology, Business Continuity Strategy, Business Continuity Plan, and many others.
My 2 cents
The ISO 27001 Documentation Toolkit is exceptionally well-organized. It comes with video tips and tricks, personalized help and a myriad of documents that will make your security implementation easier. At $699, you get your money’s worth several times over.