When we create a new version of one of our toolkits, we take into account customer feedback, discussion with auditors and our own ideas from using the toolkit and running a certified management system here at CertiKit. It’s now the turn of the ISO20000 Toolkit and we are pleased to announce that Version 7 is available. All customers currently within support will receive this update free of charge as part of their subscription.
In common with our recent update to the ISO27001 toolkit, this revision has a heavy emphasis on spreadsheet layout and functionality, with improvements being made to many of the key tools including gap assessments, risk assessment and treatment, project plans and service improvement plan.
In improving these tools, we have tried to ensure we add useful functionality without introducing undue complication (e.g. we never use macros). Many of the improvements are based around the use of Excel Tables (rather than Ranges) which give more options in look and feel and allow supporting items such as data slicers and auto-update charts to be included. We have also paid some attention to how the tables look when they are printed too, with better print layouts and footers.
A new gap assessment has been created which is questionnaire-based and asks a series of questions related to each section of the standard to provide a reasonable understanding of how close to meeting the standard your organization is. This supplements the existing requirements-based gap assessment which is still in the toolkit. Both gap assessments have been reformatted and additional charts added to show how much (or little) work you still have to do to achieve conformity.
For those who purchased the Enhanced Gap Assessment Tool we have revamped this too, adding a significant number of new charts to present the assessment results in different ways.
The risk assessment and treatment tool has been reformatted with data slicers and additional charts showing the position before and after risk treatment.
We’ve listened to feedback from some of our customers about our policies and made the language used in some of them stronger e.g. use of the verb “must” rather than “should”. This is particularly true of the Information Security Policy within the toolkit.
We’ve added more example documents, including service requirements, business impact analysis and definitive media library catalogue, and we’ve also created a new Data Centre Access Procedure document and corrected any formatting errors and typos we are aware of.
Finally, we have updated the Implementation Guide to reflect the changes and added a section about recommended documentation structure for smaller organizations (mainly if they want to reduce the number of documents).
This update is part of our continuous quest to make our toolkits as useful to the customer as we can and we’d like to thank everyone who has contributed to the improvements in this release. Feedback is very important to us so please keep it coming!
The CertiKit Team