Safely move on from COVID-19

ISO 27001 Policies and Controls

Actionable and ready to adopt, adapt or add to

Get a head start with ISO 27001 policies and controls documentation plus the software tools to get the job done well

Accelerating your implementation

‘Out-of-the-box’ you will have an online ISMS that includes a 77% head start with the requirements, policies, guidance and controls that you need for success.

Why not 100%?…

Every organisation is unique in some way and no off the shelf toolkit will meet all your needs, despite what some well-known vendors might suggest. In fact, it is unlikely their ‘comprehensive’ toolkit will meet many of your needs when you come to actually implement it! Check out this article to learn more about ISO 27001 documentation toolkits.

Achieve ISO 27001 first time

Avoid the pitfalls

ISO 27001 is more than just a manual. To achieve a meaningful certification, you must be able to evidence that you have embedded the required working practices. You must also have an operational information security management system (ISMS). That doesn’t mean you need to spend large amounts of money with old fashioned information security vendors and out of date technology.  However, it does mean you need more than a bunch of downloaded generic policy templates gathering dust in a shared folder somewhere. Off-the-shelf ISO 27001:2013 document toolkits also generally need a large degree of customisation before they can be implemented in a way that allows you to run your business the way you want to.  Depending on the quality of the tools, they can be hard work to use in practice. For example, to update and control in the required regular reviews.

Some organisations may even offer to prepare a manual for you and certify their own work – beware the differences between certification and compliance…it can be a costly mistake and one that offers little assurance to your powerful customers! is so much more than a simple set of documents. It is a trusted ISO 27001 software solution with documentation that sits alongside practical approaches and the tools that will ensure you manage your ISMS without hindering ‘business-as-usual’.

Adopt, Adapt, Add policies that complement the software and your desired way of working

You can quickly adopt our proven approach to meeting the requirements of ISO 27001: 2013 and many of the control objectives too.

Or, easily adapt policies that already meet the standards of UKAS accredited auditors to reflect your desired ways of working.

And, for those areas where your practices are unique, you simply add your own policies (and if you need help creating them one of our trusted partners can assist you)

Actionable policies and controls

Whether you are working towards ISO 27001:2013 or meeting the requirements of GDPR, risk management is at the core of information security and data privacy management.

Arriving at a risk methodology, creating your policy and building a method to demonstrate how you will identify, evaluate and treat your risks can involve weeks of work.

It is a great example of how combines documentation and technology to reduce your management resource…not just in implementation but in the ongoing management of your ISMS.

We’ve given you a robust risk management methodology ready to adopt straight out of the box. We’ve also given you the tools to manage your ongoing risk work, avoiding death by spreadsheet! At last, updating, controlling, reviewing and evidencing your risks and treatments is all now quick and easy to do in your dynamic and integrated


Build your business case for an ISMS


Phone:   +44 (0)1273 041140