ISO 27001:2022 Documentation Kit

Considering the need of ISO 27001 documentation kit, and how fake consultants make huge money by selling the papers to organizations just changing the names in those documents instead of real services as expected from consultants, ISOFolder is a place where we are trying to make the system effective for documentation for any certification or compliance globally by providing pre-written documentation kit.

No Matter you are planning to get certified based on international standards e.g. ISO 9001, ISO 14001, ISO 45001, HACCP, etc. or you are asked documentation for compliance e.g. pre-qualifying, legal compliance, tendering, etc. Our Documentation kit will facilitate you with less time and cheapest price.

Our Documentation Kit is written in plain English to make easily customized by you without expertise in standards. We developed a documentation kit while making it user-friendly, easy to learn and time-saving.

Content of Documentation Kit

Documentation Kit is designed in following Three tiers of documents

• Tier 1 – Manual & Policies – This provides the reference to each requirement of the standard. We make the structure of the manual same as the standard, so that you can easily understand and follow requirements.
• Tier 2 – Procedures – This provides additional information referred in the manual that how you are doing specific activities in your organization.
• Tier 3 – Formats – These are an actual document that you use to show your compliance with the standard.

We have added many documents for reference and use, however, you can add any additional document which is not part of our documentation kit, or can ignore those document which is not applicable to your activities from our documentation kit.

It is recommended the documentation kit shall be reviewed by senior management, managers, and employees as relevant to them which can help to understand ISO 27001.

Documentation kit contains an ISMS Manual that addresses clause wise details for how ISO 27001 systems are designed and implemented in your organization.

Following Policies are coming with kit

1. Acceptable Use policy-Information Services
2. Infrastructure Policy
3. Policy For Access Card
4. Back up Policy
5. Clear desk and clear Screen Policy
6. Physical Media & Disposal Sensitive Data
7. Electronic Devices Policy
8. Laptop Policy
9. Password Policy
10. Patch Management
11. User registration Access Management
12. Policy for working in Secured Areas
13. Visitor Policy
14. Work Station Policy
15. Cryptographic Policy
16. LAN Policy
17. Training Policy
18. Mobile Computing Policy
19. Telework Policy
20. Internet
21. Messenger And Email
22. Change Control
23. Freeware and Shareware Policy

28 procedures, which helps you to manage your operations and address requirements of ISO 27001 through the implementation of procedures.

1. Procedure For Risk Management
2. Procedure For Organization Security
3. Procedure For Assets Classification & Control
4. Procedure For human resource Security
5. Procedure For Physical And Environmental Security
6. Procedure For Communication & Operational Management
7. Procedure For Access Control
8. Procedure For System Development And Maintenance
9. Procedure for Business Continuity Management Planning
10. Procedure For Legal Requirements
11. Procedure For Management Review
12. Procedure For Documented Information Control
13. Procedure For Corrective Action
14. Procedure For Control Of Record
15. Procedure For Internal Information Security Management System Audit
16. Procedure for control of nonconformity and improvement
17. Procedure For Personnel and Training
18. Scope Documentation For Implementation
19. Approach Procedure For ISMS Implementation
20. Procedure for liaison with Specialist Organizations
21. Procedure For Group Internal And E-mail Usage Procedure
22. Sop For Software Configuration Management
23. Procedure for Server Hardening
24. Procedure for the Management of Removable Media
25. Procedure for the Handling of Virus Attacks
26. Information security incident management Procedure
27. Standard Operating Procedure for Audit trails
28. SOP for Business Continuity Plan

46 Formats, which is actually used to implement the system and keep records to provide evidence of the fulfillment of standard requirements.

1. Visitor Entry Register
2. Employee leaving/transfer/termination Checklist
3. Employment confidentiality and Non-competition agreement
4. Job Description and Specification
5. Supplier confidentiality and Non-competition agreement
6. Training Calendar
7. Employees Competency Report
8. Induction Training Report
9. Training Report
10. Skills Matrix Sheet
11. Purchase Order
12. Material Inward / Outward Record
13. Approved supplier list
14. Contract Review Checklist / Summery of Contract
15. Customer Complaint Report
16. Customer Feed Back Form
17. Service level agreement
18. Software Project Plan and Review Approval Register
19. Minutes of meeting
20. Configuration Items List
21. Change Request
22. Asset Identification and Classification
23. Risk Assessment and Treatment Plant
24. New User Creation Form
25. Media Disposal and Scrap Record
26. Security incident Investigation Form
27. Capacity Planning
28. Business Continuity Test Report
29. ISMS Objective Monitoring Report
30. Key Activities Input And Output
31. Asset Identification And Classification
32. Statement Of Applicability report
33. Implementation Of Recommended Control
34. Continual Improvement Monitoring Log
35. ISO 27001:2013 Audit Check List Report
36. Internal ISMS Audit NCR Report
37. Audit Plan / Programme
38. IS Objectives implementation Plan
39. Master List Of Record
40. Corrective Action Report
41. Change Note
42. Master List And Distribution List Of Document
43. Department: Information Security Management System
44. Preventive Maintenance Check List
45. Breakdown History Card
46. Outsourced Service Details