Recently we’ve been beavering away in the CertiKit office to create the next version of the ISO/IEC 27001 toolkit and we have to say we’re pretty pleased with the result. Version 7 is now available to all new customers and existing customers under support and represents a significant upgrade, with 19 new documents added to the toolkit and enhancements to most of the existing ones.
The new version is based on feedback from our customers which we obtain in a number of ways. Firstly, we talk to our customers (which is always a good start) to find out what they need the toolkit to do for them, what their priorities are and how they use the documents. Then we run an annual feedback survey to ask our entire customer base to tell us how they are getting on, what they like and don’t like about using the toolkit and to give us any new ideas they have about how to make it better. As an added incentive, we always offer a bit of tech as a prize with the winner drawn from everyone that contributes. Previously we’ve given away an iPad, an Apple Watch and an iPad Mini 4 but this year (July 2016 onwards) we’re moving away from Apple and offering a Sony PlayStation Virtual Reality headset which, although it isn’t in the shops yet, promises to be a lot of fun for the winner.
We also encourage our customers to complete a post-sale survey to find out their main reasons for purchasing the toolkit and when we have a pre-sales contact we listen carefully to what potential buyers are looking for and try to add that into the development mix too. Support queries provide a great source of information too; we make sure we log every one and add any faults or enhancements to the development list as soon as possible.
Of course, we run an ISO/IEC 27001-certified management system ourselves, so that gives us a great insight into the trials and tribulations of actually doing it for real, as well as a chance to grill our auditors on a regular basis about what they experience elsewhere. Lastly, we sometimes work on a consultancy basis with organizations who are implementing an ISMS using our toolkit which gives plenty of opportunities to see what works and what doesn’t.
So we take the feedback from all of these sources and turn it into a set of requirements for the new version.
High on the list for Version 7 was to provide an even greater focus on the specific requirements of the standard: to make it very clear which documents addressed which requirements and to remove anything that didn’t have an obvious purpose in reaching certification. We renamed some documents and tailored our use of terms to match the standard more closely – for example, the Mobile Computing Policy is now the Mobile Device Policy, as that is the way the standard refers to it. Since we have a licensing agreement with BSI, we also made more use of the exact contents of the standard in appropriate places, such as providing the full list of Annex A controls within the risk assessment and treatment plan.
We reordered the headings and content in some documents to flow better and match the layout of ISO/IEC 27001 and we introduced some cosmetic changes such as the addition of a cover page, placing the information classification in the header of every page and referencing each figure and table more formally. We have also changed the document referencing convention to distinguish between documents and forms.
Although the standard doesn’t change, of course the world does, so we ensured that any relevant updates were incorporated too. One of these was the European Union General Data Protection Regulation 2016 which, despite being an EU law, is likely to affect many organizations on other continents too.
New documents added in Version 7 include:
We have also included more example documents with the contents completed so that the type of information needed is clearer.
We’re pleased to be able to offer an ISO/IEC 27001 toolkit that gives you what you need to achieve certification in a format that makes it easy to complete and tailor. We promise to carry on listening and hope that you will continue to show the fantastic degree of support that you have given us over the last twelve months.