Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice


When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu

ISO27001 Toolkit Has Been Updated



In line with the fundamental principle of continual improvement that underlies all of the ISO standards we deal with, we have updated the ISO27001 Toolkit to address more areas of the standard, fix the occasional error and provide more examples of how to complete some of the existing forms.

New Documents

The first of the new documents we have included is a Social Media Policy which sets out guidelines for employees when using the organization’s social media accounts such as Twitter, Facebook and LinkedIn. It covers areas such as making it clear that the person posting the content represents the organization, fact-checking before re-communicating others’ posts and having due regard for varied cultures and the way that messages could be interpreted.

A Procedure for Managing Lost or Stolen Devices has been added to the Toolkit to further address section A.8 of Annex A which deals with asset management.

An important follow-up to information security breaches is learning the lessons from them and closing any gaps that have been exposed within the organization’s defences. To this end, and to address more fully control A.16.1.6 from Annex A, a new form, Lessons Learned Report, has been added.

Enhanced Content

As part of this revision we have updated a number of documents to provide more content. The  Information Security Competence Development Procedure now has a section describing the skills required of a risk owner and the Awareness Training Presentation now has more information about the legal framework outside the UK, including the USA, EU and a selection of other countries.

Good practice advice about passwords from NIST and the UK National Cyber Security Centre (NCSC) has been added to the Access Control Policy (including non-expiring passwords and prevention of use of common passwords such as Password1 and 123456).

The Network Security Policy has been updated to remove references to the now-compromised SSL in favour of the TLS protocol.

We have also updated the Context, Requirements and Scope document to use the commonly- quoted PESTLE method to cover the external issues relevant to the ISMS.

More Examples

One of the feedback items from our last customer survey was to include more examples of completed forms, so in this release we have included examples for the Supplier Evaluation Questionnaire, Internal Audit Action Plan and Lessons Learned Report.

Error Corrections

Lastly, we’d like to thank our customers who have pointed out a number of small errors and omissions which we have fixed in this release. These include a field error, inaccurate document references, the odd heading numbering correction and changes to make the page numbering adjust correctly when the CertiKit information is removed from the front of each document.

In Conclusion

As always, we’re very grateful to our customers who have asked us questions and let us know about changes they would like to see. Every CertiKit toolkit is a result of the feedback we get from those that use them in the field, and we try our best to listen hard at all times and make them as useful as possible for our existing and future customers.

Best Regards

The CertiKit Team

We’ve helped more than 4000 businesses with their compliance


I really love the introductions and guidance in each document. This makes it so easy to use for my team and the uninitiated to quality management.

Chauncery Ventures

View all Testimonials