Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice


When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu

CertiKit ISO27001 Toolkit Version 12

It’s all change with the ISO27001 standard, as the new 2022 update is released, and here at CertiKit we’ve been working hard to bring you an exciting new version of our popular ISO27001 Toolkit that takes full account of the changes.

The new version of the standard reflects ISO’s desire to make the management system requirements match up with the latest Annex SL structure and wording, and the need to align Annex A of the standard with the 2022 version of the ISO27002 guidance. Our earlier blog “The New ISO27001:2022 Standard is Published” explains in detail what these changes consist of and what the next steps are for certified, and non-certified organizations, so we won’t repeat this information here.

ISO27001 22 toolkit launch image

Management system changes

The changes to the management system are relatively minor but we have of course updated all of the relevant documents (such as the Gap Assessment and the Internal Audit Checklist) with the new Clause 6.3 Planning of changes, the additional sub-clauses in Clause 9 Performance evaluation, and the swapping round of the sub-clauses in Clause 10 Improvement. We’ve also taken account of the new requirements within those clauses where the wording has changed.

Annex A changes

But it’s within the Annex A controls that the most obvious changes have happened. Just to remind you, there are now 93 controls organized into four themes:

  • A.5 Organizational controls
  • A.6 People controls
  • A.7 Physical controls
  • A.8 Technological controls

Instead of the previous fourteen Annex A folders, we now have just four. Rather than present the toolkit user with large numbers of documents in four large folders (which experience has shown is too much), we have taken the approach of grouping the relevant documents by individual control, with a Folder index in each theme folder to help you see where the documents are located.

ISO27001 Toolkit v12 folder structure screenshot 1

To further help you navigate the toolkit, we have included a reference to the control name within each sub-folder, along with the documents, for example:

ISO27001 Toolkit v12 folder structure screenshot 2

New documents

As well as restructuring the toolkit in line with ISO27001:2022, we have taken the opportunity to add a total of twenty-nine new documents and forms compared to the 2013 version (some of which were included in Version 11A of the toolkit). These include:

  • ISMS Change Process
  • ISMS Change Log
  • ISMS Process Interaction Overview
  • Information Security Whistleblowing Policy
  • Online Collaboration Policy
  • Information Security Event Reporting Procedure
  • Dynamic Access Control Policy
  • Privileged Utility Program Register

Updates to existing documents

Many documents have been updated both to reflect the new control set (such as the Gap Assessment, Statement of Applicability and Risk Assessment tools) and to cater for changing technology. Some documents have been simplified in line with requirements and a few have been removed, largely for consistency reasons. Because there is no longer a direct match between the new Annex A control set and the companion standards ISO27017 and ISO27018, references to these standards have been mostly removed, although much of the relevant technical content has been retained.

New toolkit available now

Ken Holmes, CEO of CertiKit (and closely involved in the new toolkit version) said “I am delighted that we’ve been able to combine an alignment with the new standard with such a significant upgrade to the content of the toolkit. This has resulted in a truly premium product.”

Version 12 of the CertiKit ISO27001 Toolkit is available to new customers immediately via our website, and will be provided free of charge to qualifying existing customers via our lifetime updates promise.

More ISO27001 Resources:

CertiKit are a provider of ISO toolkits, consultancy and internal auditing services, and have helped more than 4000 organizations worldwide with their compliance.

For more guidance on implementing the ISO27001:2022 standard, we’ve put together a list of our best free resources including video guides, blogs and downloadable documents.

Free ISO27001 Resources

We’ve helped more than 4000 businesses with their compliance


I found the toolkit templates easily map back to the standard. The introductory information for each document was helpful in preparing for our external audit.

V-Tech Solutions, Inc.

View all Testimonials