Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice


When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu

ISO27001 Toolkit Version 7 is here!




Recently we’ve been beavering away in the CertiKit office to create the next version of the ISO/IEC 27001 toolkit and we have to say we’re pretty pleased with the result. Version 7 is now available to all new customers and existing customers under support and represents a significant upgrade, with 19 new documents added to the toolkit and enhancements to most of the existing ones.

How we get feedback

The new version is based on feedback from our customers which we obtain in a number of ways. Firstly, we talk to our customers (which is always a good start) to find out what they need the toolkit to do for them, what their priorities are and how they use the documents. Then we run an annual feedback survey to ask our entire customer base to tell us how they are getting on, what they like and don’t like about using the toolkit and to give us any new ideas they have about how to make it better. As an added incentive, we always offer a bit of tech as a prize with the winner drawn from everyone that contributes. Previously we’ve given away an iPad, an Apple Watch and an iPad Mini 4 but this year (July 2016 onwards) we’re moving away from Apple and offering a Sony PlayStation Virtual Reality headset which, although it isn’t in the shops yet, promises to be a lot of fun for the winner.

We also encourage our customers to complete a post-sale survey to find out their main reasons for purchasing the toolkit and when we have a pre-sales contact we listen carefully to what potential buyers are looking for and try to add that into the development mix too. Support queries provide a great source of information too; we make sure we log every one and add any faults or enhancements to the development list as soon as possible.

Of course, we run an ISO/IEC 27001-certified management system ourselves, so that gives us a great insight into the trials and tribulations of actually doing it for real, as well as a chance to grill our auditors on a regular basis about what they experience elsewhere. Lastly, we sometimes work on a consultancy basis with organizations who are implementing an ISMS using our toolkit which gives plenty of opportunities to see what works and what doesn’t.

So we take the feedback from all of these sources and turn it into a set of requirements for the new version.

What have we changed?

High on the list for Version 7 was to provide an even more increased level of focus on the specific requirements of the standard; to make it very clear which documents addressed which requirements and to remove anything that didn’t have an obvious purpose in reaching certification. We renamed some documents and tailored our use of terms to match the standard more closely – for example the Mobile Computing Policy is now the Mobile Device Policy as that is the way the standard refers to it. Since we have a licensing agreement with BSI, we also made more use of the exact contents of the standard in appropriate places, such as providing the full list of Annex A controls within the risk assessment and treatment plan.

We reordered the headings and content in some documents to flow better and match the layout of ISO/IEC 27001 and we introduced some cosmetic changes such as the addition of a cover page, placing the information classification in the header of every page and referencing each figure and table more formally. We have also changed the document referencing convention to distinguish between documents and forms.

Although the standard doesn’t change, of course the world does, so we ensured that any relevant updates were incorporated too. One of these was the European Union General Data Protection Regulation 2016 which, despite being an EU law, is likely to affect many organizations on other continents too.

What have we added?

New documents added in Version 7 include:

  • ISO27001 In Simple English
  • Information Security Competence Development Procedure
  • Procedure for Management Reviews
  • Internal Audit Report
  • Internal Audit Checklist
  • Cloud Computing Policy
  • Data Centre Access Procedure
  • Supplier Due Diligence Assessment Procedure
  • Information Security Event Assessment Procedure
  • Privacy and Personal Data Protection Policy

We have also included more example documents with the contents completed so that the type of information needed is clearer.

In Summary

We’re pleased to be able to offer an ISO/IEC 27001 toolkit that gives you what you need to achieve certification in a format that makes it easy to complete and tailor. We promise to  carry on listening and hope that you will continue to show the fantastic degree of support that you have given us over the last twelve months.

We’ve helped more than 4000 businesses with their compliance


I really love the introductions and guidance in each document. This makes it so easy to use for my team and the uninitiated to quality management.

Chauncery Ventures

View all Testimonials