- Documentation
See our product tour or contact our main ISO 27001/22301 expert who is here to assist you in your implementation.
- Books
SECURE & SIMPLE: A SMALL-BUSINESS GUIDE TO IMPLEMENTING ISO 27001 ON YOUR OWN
In this book Dejan Kosutic, an author and experienced information security consultant, is giving away all his practical know-how on successful ISO 27001 implementation. No matter if you’re new or experienced in the field; this book gives you everything you will ever need to implement ISO 27001 on your own.
ISO 27001 Risk Management in Plain English
This book is based on an excerpt from Dejan Kosutic's previous book Secure & Simple. It provides a quick read for people who are focused solely on risk management, and don’t have the time (or need) to read a comprehensive book about ISO 27001. It has one aim in mind: to give you the knowledge ...
ISO 27001 Annex A Controls in Plain English
In this book Dejan Kosutic, an author and experienced information security consultant, is giving away his practical know-how ISO 27001 security controls. No matter if you are new or experienced in the field, this book give you everything you will ever need to learn more about security controls.
PREPARING FOR ISO CERTIFICATION AUDIT: A PLAIN ENGLISH GUIDE
In this book Dejan Kosutic, an author and experienced ISO consultant, is giving away his practical know-how on preparing for ISO certification audits. No matter if you are new or experienced in the field, this book gives you everything you will ever need to learn more about certification audits.
Managing ISO Documentation: A Plain English Guide
In this book Dejan Kosutic, an author and experienced ISO consultant, is giving away his practical know-how on managing documentation. No matter if you are new or experienced in the field, this book gives you everything you will ever need to learn on how to handle ISO documents.
Preparations for the ISO Implementation Project: A Plain English Guide
In this book Dejan Kosutic, an author and experienced ISO consultant, is giving away his practical know-how on preparing for ISO implementation. No matter if you are new or experienced in the field, this book gives you everything you will ever need to learn about preparations for ISO implementation projects.
ISO Internal Audit: A Plain English Guide
In this book Dejan Kosutic, an author and experienced ISO consultant, is giving away his practical know-how on ISO internal audits. No matter if you are new or experienced in the field, this book gives you everything you will ever need to learn and more about internal audits.
BECOMING RESILIENT: THE DEFINITIVE GUIDE TO ISO 22301 IMPLEMENTATION
Author and experienced business continuity consultant Dejan Kosutic has written this book with one goal in mind: to give you the knowledge and practical step-by-step process you need to successfully implement ISO 22301. Without any stress, hassle or headaches.
FREE eBOOK: 9 STEPS TO CYBERSECURITY
9 Steps to Cybersecurity from expert Dejan Kosutic is a free eBook designed specifically to take you through all cybersecurity basics in an easy-to-understand and easy-to-digest format. You will learn how to plan cybersecurity implementation from top-level management perspective.
- eTRAINING
ISO 27001:2013 LEAD IMPLEMENTER COURSE
In this online course you’ll learn all you need to know about ISO 27001, and how to become an independent consultant for the implementation of ISMS based on ISO 20700. Our course was created for beginners so you don’t need any special knowledge or expertise.
ISO 27001:2013 LEAD AUDITOR COURSE
In this online course you’ll learn all about ISO 27001, and get the training you need to become certified as an ISO 27001 certification auditor. You don’t need to know anything about certification audits, or about ISMS—this course is designed especially for beginners.
ISO 27001:2013 FOUNDATIONS COURSE
Learn everything you need to know about ISO 27001, including all the requirements and best practices for compliance. This online course is made for beginners. No prior knowledge in information security and ISO standards is needed.
ISO 27001:2013 INTERNAL AUDITOR COURSE
In this online course you’ll learn all the requirements and best practices of ISO 27001, but also how to perform an internal audit in your company. The course is made for beginners. No prior knowledge in information security and ISO standards is needed.
Download free ISO 27001 & ISO 22301 materials
MOST POPULAR
Project Plan for ISO 27001 Implementation (MS PowerPoint)
Presentation
Short presentation intended for chief security officers, project managers and other employees. This presentation will help clearly define the objectives of the Information Security Management System (ISMS) implementation project, documents to be written, deadlines, and roles and responsibilities in the project.
Click to download
Step-by-step explanation of ISO 27001 risk management (PDF)
White paper
This white paper is intended for Project managers, Information Security Manager, Data protection officers, Chief Information Security Officers and other employees who need guidance on how to implement risk management according to ISO 27001. Get an overview of the risk management process, tasks you should consider while implementing the ISO 27001 risk management and links to additional resources that will help you understand risk management.
Click to download
Clause-by-clause explanation of ISO 27001 (PDF)
White paper
This document explains each clause of ISO 27001 and provides guidelines on what needs to be done to meet each requirement of the standard. It also gives insight into how to apply a process approach, and how to plan and analyze processes within the organization, helping you to understand how to establish and maintain an ISO 27001-based Information Security Management system (ISMS).
Click to download
Checklist of mandatory documentation required by ISO 27001:2013 (PDF)
White paper
White paper that lists all the mandatory documents and records, but also briefly describes how to structure each document. This paper is ideal for all the companies that begin their ISMS implementation - it gives a perfect overview of which documents will be required, and where to place them.
Click to downloadISO 27001 & ISO 22301 White papers (23)
Checklist of ISO 22301:2019 mandatory documentation (PDF)
White paper
This white paper is intended for business continuity managers and project managers who need to implement the standard. This helpful document gives an overview on what are ISO 22301 mandatory documents and records, together with the most commonly used non-mandatory documents.
Click to download
How to perform an internal audit using ISO 19011 (PDF)
White paper
This white paper is intended for companies that need to perform an internal audit as part of their ISO 27001 management system. Learn how ISO 19011 can help you, and read about principles of auditing, auditor characteristics, and steps for internal auditing according to this standard.
Click to download
Report: Compliance and information security – How are they related? (PDF)
Report
Compliance or security? Where do companies put their focus? Which typical security methods are used to cover compliance requirements? Why do data breaches usually happen? These are just some of the questions we asked in our survey, carried out in June 2019, whose goal was to research the connection between security and compliance. Answers from more than 600 survey respondents, coming from countries in five continents, from various industries, mostly from smaller and medium-size companies, and acting predominantly in IT and security positions, helped us to discover the main findings. In this free report, read an overview of the results and analysis.
Click to download
What to expect at the ISO certification audit: What the auditor can and cannot do (PDF)
White paper
This white paper is intended for information security managers and consultants in companies which already implemented quality standard(s) and need guidance on what to expect at the ISO certification audit.
Click to download
How is ISO 27001 applicable for Software-as-a-Service companies? (PDF)
White paper
This white paper is intended for decision makers, information security managers, IT service managers, consultants and other employees in Software-as-a-Service companies that haven’t yet implemented ISO 27001. This helpful document gives an overview of benefits that the implementation of ISO 27001 can bring for SaaS business.
Click to downloadStep-by-step explanation of ISO 27001 risk management (PDF)
White paper
This white paper is intended for Project managers, Information Security Manager, Data protection officers, Chief Information Security Officers and other employees who need guidance on how to implement risk management according to ISO 27001. Get an overview of the risk management process, tasks you should consider while implementing the ISO 27001 risk management and links to additional resources that will help you understand risk management.
Click to download
How to integrate ISO 27001, COBIT, and NIST (PDF)
White paper
This white paper outlines ISO 27001, the COBIT framework for information technology (IT) management and IT governance, and the NIST Cyber Security Framework. By demonstrating the similarities and differences, it also clarifies how they can be used together at the same time during an information security implementation project to improve information protection.
Click to download
How to implement the NIST Cyber Security Framework using ISO 27001 (PDF)
White paper
This white paper outlines a US-based method of minimizing cybernetic risk, by discussing how to implement the NIST Cyber Security Framework using ISO 27001. By demonstrating the similarities and differences, it also clarifies how to integrate them successfully.
Click to download
ISO 27001 vs. ISO 22301 matrix (PDF)
White paper
This matrix shows relationships between the clauses of ISO 27001 and ISO 22301, and gives an overview of common requirements of these two standards with tips on how to fulfill them with as little documentation as possible. The purpose of this matrix is to present possibilities for combining these two systems in organizations that plan to implement both standards at the same time, or already have one standard and want to implement the other one.
Click to download
What is EU GDPR and how can ISO 27001 help? (PDF)
White paper
Understanding how ISO 27001 fits in alignment with EU GDPR can help organizations comply with these new European regulations. This document explains the relationship between EU GDPR and ISO 27001, while demonstrating how to go about protecting personal data. You will also learn whether you need to be EU GDPR compliant, and if ISO 27001 alone is adequate for compliance.
Click to downloadClause-by-clause explanation of ISO 27001 (PDF)
White paper
This document explains each clause of ISO 27001 and provides guidelines on what needs to be done to meet each requirement of the standard. It also gives insight into how to apply a process approach, and how to plan and analyze processes within the organization, helping you to understand how to establish and maintain an ISO 27001-based Information Security Management system (ISMS).
Click to download
Clause-by-clause explanation of ISO 22301 (PDF)
White paper
This document explains each clause of ISO 22301 and provides guidelines on what needs to be done to meet each requirement of the standard. It also gives insight into how to apply a process approach, and how to plan and analyze processes within the organization – helping you to understand how your BCMS can reach its full potential.
Click to download
Implementing ISO 27001 with a consultant vs. DIY approach (PDF)
White paper
When implementing ISO 27001 you may find it daunting deciding which method to follow. This white paper outlines the pros and cons of both going it alone, and hiring a consultant. It offers detail on both techniques, helping you make an informed decision as to which is the most suitable approach for your business.
Click to download
How to Budget an ISO 27001 Implementation Project (PDF)
White paper
Implementing a project like ISO 27001 can be costly if you do not budget in advance. This white paper aims to help you budget effectively, and prevent any unnecessary expenses from occurring. Not only will you learn budgeting benefits and tips, but also how different implementation options can impact your overall budget.
Click to download
Privacy, cyber security, and ISO 27001 – How are they related? (PDF)
White paper
This white paper demonstrates how ISO 27001 and cyber security contribute to privacy protection issues. You will learn about cyberspace privacy risks and practical tools already available for cyber security implementation. The white paper also details how ISO 27001 provides guidance to protect information, as well as the steps to follow for applying best practices in privacy protection.
Click to download
Integration of Information Security, IT and Corporate Governance (PDF)
White paper
This white paper explains how to integrate Information Security, IT and Corporate Governance, in the best possible way. It guides you though main principles of corporate governance and lists all the similarities and differences between all three types of governance. The white paper also lists tools available for you to use in this process to make it effortless and stress-free.
Click to download
ISO 27001 vs. ISO 20000 matrix (PDF)
White paper
The matrix shows relationships between clauses of ISO 27001 and ISO 20000, and gives an overview of common requirements of these two standards with tips on how to fulfill them with as little documentation as possible. The purpose of this matrix is to present possibilities for combining these two systems in organizations that plan to implement both standards at the same time or already have one standard and want to implement the other one.
Click to download
Applicability of ISO 27001 divided by industry (PDF)
White paper
This is a list of the most common information security issues that can be resolved by ISO 27001 implementation, divided by industry. This is a very useful document if you need to present to your management what your peer companies are doing.
Click to download
ISO 27001 vs. ISO 9001 matrix (PDF)
White paper
The matrix shows relationships between clauses of ISO 27001 and ISO 9001, and gives an overview of common requirements of these two standards with tips on how to fulfill them with as little documentation as possible. The purpose of this document is to present possibilities for combining these two systems in organizations that plan to implement both standards at the same time or already have one standard and want to implement the other one.
Click to downloadChecklist of mandatory documentation required by ISO 27001:2013 (PDF)
White paper
White paper that lists all the mandatory documents and records, but also briefly describes how to structure each document. This paper is ideal for all the companies that begin their ISMS implementation - it gives a perfect overview of which documents will be required, and where to place them.
Click to download
How online tools are revolutionizing ISO 27001 and ISO 22301 implementation (PDF)
White paper
In this white paper we will look at each of the implementation options (hire a consultant, do it on your own without support, or use the online tools) in more detail, providing an easy comparison for decision making.
Click to download
ISO 27001 Case study for data centers (PDF)
White paper
An interview with the CEO of a smaller data center that shows how the implementation of ISO 27001 can benefit organizations from this industry. In this paper, the CEO discusses very openly which obstacles they found while implementing ISO 27001, and how they are using this standard to compete in the market.
Click to download
Twelve-step transition process from ISO 27001:2005 to 2013 revision (PDF)
White paper
This white paper is intended for companies that have implemented the ISO 27001 2005 revision, and are planning to transition to the 2013 revision. The paper describes the suggested steps in the process.
Click to downloadPresentations (3)
Project Plan for ISO 27001 Implementation (MS PowerPoint)
Presentation
Short presentation intended for chief security officers, project managers and other employees. This presentation will help clearly define the objectives of the Information Security Management System (ISMS) implementation project, documents to be written, deadlines, and roles and responsibilities in the project.
Click to download
Project proposal for ISO 27001 implementation (MS PowerPoint)
Presentation
Obtaining management support for implementation of ISO 27001 is not an easy task. You need to show them clearly and succinctly why this project is important for your company. With our Project Proposal template in PowerPoint, you’ll have a head start in earning management’s support and make sure that no important information is left out.
Click to download
Why ISO 27001 – Awareness presentation (MS PowerPoint)
Presentation
Short presentation intended for employees that shows what ISO 27001 is all about, why is it good for the company – and also for themselves, and what is their role in handling information security.
Click to downloadTemplates (2)
Project proposal for ISO 27001 / ISO 22301 implementation (MS Word)
Template
Template of a document you can use to propose the implementation of ISO 27001 and/or ISO 22301 to your top management. It contains the following sections: Purpose, Reasoning, Project objectives, Project duration, Responsibilities, Resources, and Deliverables.
Click to download
Project plan for ISO 27001 / ISO 22301 implementation (MS Word)
Template
The purpose of the Project Plan is to clearly define the objective of the Information Security Management System (ISMS) implementation project, documents to be written, deadlines, and roles and responsibilities in the project.
Click to downloadChecklists (9)
Diagram of 6 steps in ISO 27001 risk management (PDF)
Diagram
This diagram presents the six basic steps in the ISO 27001 risk management process, starting with defining how to assess the risks, and ending with creating the implementation plan for risk controls.
Click to download
Diagram of ISO 27001:2013 Risk Assessment and Treatment process (PDF)
Diagram
Diagram that shows the ISO 27001 Risk Assessment and Treatment process, considering an asset – threat – vulnerability approach.
Click to download
List of Questions to ask an ISO 27001 or ISO 22301 certification body (MS Word)
Checklist
Which certification body is right for you? Consider these questions when deciding which registration body to hire for your ISO 27001 and/or ISO 22301 certification. This list contains 15 questions that will enable you to choose the right partner for this important step.
Click to download
List of questions to ask your ISO 27001/ISO 22301 consultant (MS Word)
Checklist
Before deciding about hiring a consultant for your ISO 27001 and/or ISO 22301 implementation, consider these questions and use them to evaluate potential consultants.
Click to download
Diagram of ISO 27001:2013 Implementation (PDF)
Diagram
Diagram that shows the ISO 27001 implementation process, from the beginning of the project to the certification.
Click to download
Diagram of ISO 22301 implementation process (PDF)
Diagram
Diagram that shows the ISO 22301 implementation process, from the beginning of the project to the certification.
Click to download
Diagram of BS 25999 implementation process (PDF)
Diagram
Diagram that shows the BS 25999-2 implementation process, from the beginning of the project to the certification.
Click to download
Project checklist for ISO 27001 implementation (MS Word)
Checklist
A checklist that will enable you to keep track of all steps during the ISO 27001 implementation project. The checklist has 14 major steps and 44 tasks, starting with obtaining management support all the way through to certification audit.
Click to download
Project checklist for ISO 22301 implementation (MS Word)
Checklist
A checklist that will enable you to keep track of all steps during the ISO 22301 implementation project. The checklist has 17 major steps and 51 tasks, starting with obtaining management support all the way through to certification audit.
Click to download
Dejan Kosutic
Lead ISO 27001/ISO 22301 Expert
Need a simple explanation of what you need to do?
SCHEDULE FREE CONSULTATIONAdvanced Search
Search here for any material about
ISO 27001 and ISO 22301 implementation
About 27001Academy
27001Academy is one of the Academies of Advisera.com. Advisera specializes in helping organizations implement top international standards and frameworks such as EU GDPR, ISO 27001, ISO 9001, ISO 13485, ISO 14001, ISO 45001, IATF 16949, ISO/IEC 17025, AS9100, ISO 20000 and ITIL. Over the years, Advisera has become a global leader in the provision of web-based training and documentation for ISO 27001 (information security management) and ISO 22301 (business continuity management).
Our products are of best-in-class quality. With a proven performance record of successful implementations in more than 100 countries, our world-class customer support ensures success. Read more about the 27001Academy here.
We use Secure Socket Layer (SSL) technology, the industry standard and among the best available today for secure online commerce transactions. All of your personal information, including credit card number, name, and address is encrypted so it cannot be read during transmission. You are protected by your credit card company in the case of a fraudulent transaction with any purchase.
AES-128bit SSL safe [lightbox href=”https://advisera.com/27001academy/privacy-policy” group=”stat-priv”]Privacy Policy[/lightbox]
Online payment services are provided by BlueSnap and 2Checkout.
OUR CLIENTS
OUR PARTNERS
- Advisera is Exemplar Global Certified TPECS Provider for the IS, QM, EM, TL and AU Competency Units.
- ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
- DNV GL Business Assurance is one of the leading providers of accredited management systems certification.