Build or upgrade your ISMS on our platform

Innovative cyber security and ISO 27001 management software provider introduces free policies


Innovative cyber security and ISO 27001 management software provider introduces free policies

ISMS.Online announces the release of accredited ISO 27001 policies included free in their groundbreaking software solution for implementing, managing and improving information security management.

Brighton, UK:

The cyber & information security market is growing fast and many new organisations are seeking to improve their security credentials in order to win new business or retain existing customer and stakeholder confidence. This is great news for building stronger and safer supply chains.

However building and implementing an accredited Information Security Management System (ISMS) to meet ISO 27001:2013 could cost even a small organisation tens of thousands of pounds and many months of time. In relation to the benefits and risks, for example of a costly data breach that could seriously damage the company, the investment is still pretty small. The market is awash with solutions offering to save time and money but they don’t always do that.

Many of those new to setting up an ISMS are currently being shortchanged by long established IT governance suppliers who are selling old fashioned approaches to achieving standards like ISO 27001:2013. These approaches could actually increase total cost and create more risk by not being fit for purpose in the practical execution and management of an ISMS.


As such ISMS.Online is now taking a stand. It is giving away its successful policies to help its customers avoid these pitfalls, whilst also offering its integrated technology system at a fraction of the cost to build from scratch or buy the individual parts from others.

ISMS.Online, the innovative cyber security startup already offers all the tools and frameworks needed for information security management system success. Now, in response to hearing and seeing too many instances where firms are buying ‘off the shelf’ policy documentation and seeing no value, it is now giving away relevant and practical policy documentation to its customers. Not only does this save significant time and money for organisations new to ISO 27001, it increases the chances of sustainable success too.

Mike Saunt, CEO of Astun Technology, another new customer of ISMS.Online, felt this new initiative is really positive. He was already very excited at how the cloud software was going to help them deliver their ISO 27001 and this latest move will save his organisation even more time and money, giving them a very strong foundation on which to add their existing policies.

ISMS.Online describes the new initiative as Adopt, Adapt, Add and it takes an organisation up to 77% complete with its ISMS policies, out of the box. The policies that relate directly to the ISMS.Online tools and frameworks can simply be Adopted, saving huge time and cost. Other policies included can be easily Adapted for the way the organisation wants to work in practice, with the remaining 23% expected to be unique and Added by the organisation or its security advisors, as AstunTechnology are doing. ISMS.Online has also provided guidelines and tips on how to approach completion and if required, can offer affordable access to specialist consultant partners too.

This is an enormous head-start to those seeking help with their ISO 27001 implementation. Along with the system, it really is an ISMS in a box’ that demonstrates significant value.

Mark Darby, CEO of Alliantist, the successful software firm behind ISMS.Online, actually fell into the policy document toolkit trap himself 4 years ago. He said “We like many newbies seeking to achieve ISO 27001 believed the marketing hype behind policy ‘toolkits’ and very cheap routes to standard success. We wasted about £1k on what turned out to be MS Office templates, but it also cost us more expensive management time too. We tried to shoehorn these generic policies into our desired way of working but also lacked the tools to bring it to life. I also quickly realised that the key to success was the ‘whole system’, not just policy documentation”.

“In summary, there is no value in cheap, off-the-shelf document toolkits that are not integrated into a wider system. They fell a long way short of being relevant to the way we ran our modern and agile business. They don’t help you embed information security management into your business in an integrated fashion. They certainly don’t help you manage staff communication and engagement, and they don’t provide simple and effective methods for evaluating, measuring and improving your information security posture either, all of which are critical for certification success. In short, you are a long way off operating an effective ISMS. To achieve that you need practical business tools with relevant policies and ISMS.Online meets that need”

Darby concluded, “The real value of our solution is in the software which not only makes implementing ISO 27001 much faster, and therefore more cost effective, but also ensures you build an ISMS that is simple and effective to maintain and continually improve with less management resource. By sharing our policies and guidelines for free we are demonstrating that the true value lies not in the documents but in the whole system.”


More information:

For more information visit

Sales and media enquiries to Julia Heron at Alliantist:


Tel: 01273 704500

Other background information:

Done well, developing an ISO 27001:2013 based ISMS from scratch can take an organisation at least 100 days of (generally) senior management time, perhaps leading to an opportunity cost in the business of over £50k, sometimes more if those staff are more highly paid and or sell their time to customers. This approach is not guaranteed for achieving certification and the ISO 27001:2013 standard describes the comprehensive requirements needed for success, but it does not tell you how to achieve it. So it is no surprise that suppliers offer ISO 27001 solutions to help drive down the total time and cost.

Offering MS Office oriented documentation policies for many hundreds, if not thousands of pounds, is generally the starting point for some suppliers. They also go on to encourage organisations to take training and offer expensive consulting with what generally ends up being a fragmented approach towards the technology system side of the ISMS. It means less probability of in-life adoption by staff and other stakeholders with more cost to manage over time too.

ISMS.Online already provides a fast and cost-effective route to ISO 27001:2013 certification, using UKAS accredited tools and frameworks within it’s solution. The addition of free policies and guidelines adds further value to organisations looking for help in implementing the standard. It also has relationships with forward-thinking security consultants who can offer specialist expertise and virtual CISO solutions. The platform also facilitates and enables organisations to manage other information security standards, for example, Cyber Essentials and NIST security frameworks. It allows organisations to integrate other certifications like ISO 9001 easily too.

As such ISMS.Online is fast becoming the one stop shop solution for organisations who take cyber and information security seriously and want to enjoy low total costs for services that are of real value.