Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice


When you request to download our free implementation guide, we use your name, company name (which is optional) and your email address to email you a link to download the requested document. We may also email you after your download in order to follow up on your interest in our products and services. We will do this based on our legitimate interest in marketing to prospects for our products and services. Your name and email address are stored on our website which is hosted with Digital Ocean. Your personal data is stored for one year after you requested your download, after which it is deleted.

Reveal Menu

ISO27001 Toolkit Has Been Updated



In line with the fundamental principle of continual improvement that underlies all of the ISO standards we deal with, we have updated the ISO27001 Toolkit to address more areas of the standard, fix the occasional error and provide more examples of how to complete some of the existing forms.

New Documents

The first of the new documents we have included is a Social Media Policy which sets out guidelines for employees when using the organization’s social media accounts such as Twitter, Facebook and LinkedIn. It covers areas such as making it clear that the person posting the content represents the organization, fact-checking before re-communicating others’ posts and having due regard for varied cultures and the way that messages could be interpreted.

A Procedure for Managing Lost or Stolen Devices has been added to the Toolkit to further address section A.8 of Annex A which deals with asset management.

An important follow-up to information security breaches is learning the lessons from them and closing any gaps that have been exposed within the organization’s defences. To this end, and to address more fully control A.16.1.6 from Annex A, a new form, Lessons Learned Report, has been added.

Enhanced Content

As part of this revision we have updated a number of documents to provide more content. The  Information Security Competence Development Procedure now has a section describing the skills required of a risk owner and the Awareness Training Presentation now has more information about the legal framework outside the UK, including the USA, EU and a selection of other countries.

Good practice advice about passwords from NIST and the UK National Cyber Security Centre (NCSC) has been added to the Access Control Policy (including non-expiring passwords and prevention of use of common passwords such as Password1 and 123456).

The Network Security Policy has been updated to remove references to the now-compromised SSL in favour of the TLS protocol.

We have also updated the Context, Requirements and Scope document to use the commonly- quoted PESTLE method to cover the external issues relevant to the ISMS.

More Examples

One of the feedback items from our last customer survey was to include more examples of completed forms, so in this release we have included examples for the Supplier Evaluation Questionnaire, Internal Audit Action Plan and Lessons Learned Report.

Error Corrections

Lastly, we’d like to thank our customers who have pointed out a number of small errors and omissions which we have fixed in this release. These include a field error, inaccurate document references, the odd heading numbering correction and changes to make the page numbering adjust correctly when the CertiKit information is removed from the front of each document.

In Conclusion

As always, we’re very grateful to our customers who have asked us questions and let us know about changes they would like to see. Every CertiKit toolkit is a result of the feedback we get from those that use them in the field, and we try our best to listen hard at all times and make them as useful as possible for our existing and future customers.

Best Regards

The CertiKit Team

Over 3000 businesses have purchased our toolkits


I found the toolkit templates easily map back to the standard. The introductory information for each document was helpful in preparing for our external audit.

Senior Manager
V-Tech Solutions, Inc. USA

View all Testimonials