Guidance documents
Information security policy
Description of basic information security objectives & roles.
Control documents & management
Training concept
The training concept describes the type of training to be conducted, the monitoring of success and the documentation of participation.
Statement of applicability (SOA)
The statement of applicability serves to document the applicable controls in ISO27001 management systems.
Key performance indicators (KPI)
The template for Key Performance Indicators is used to define and document key figures to be reported.
Inventory of assets
The asset inventory is used for the central recording of all corporate assets worthy of protection.
Identification of requirements
The document describes the procedure for recording legal, contractual and other requirements for the ISMS.
Evaluation of norm compliance
This document supplements the SoA with an assessment of the ISO27001 standard chapters. This gives you an overview of the implementation status.
Document control procedure
The entire life cycle of documents (creation, release, update) within the ISMS is regulated by this procedure.
Appointment of the information security officer
This template should be used to appoint the Information Security Officer (ISO).
Policies & Measures
Development policy
The guideline describes the secure development of systems and software.
Procedure for implementing corrective measures
The ISMS is to be continuously improved. Corrective measures defined in audits and similar reviews are implemented and documented with this procedure.
Physical access policy
Physical access to areas and premises is controlled by means of the policy and restricted as required.
Password policy
The goal of the password policy is to create uniform rules for creating, managing and using passwords.
Network security policy
The policy describes the security measures to be applied when operating and using networks.
Mobile device and teleworking policy
Mobile devices are subject to specific security rules so that the security level is also maintained outside the company premises.
IT administration policy
Administrative activities should be carried out in line with the information security policy. The document covers IT-specific activities.
Information classification policy
The policy describes how information is to be classified and how classified information may be handled.
Additional documents
Explanation of the structure of the documents
Here you can take a look at the structure of the documents and understand how they are organized.
Templates for new tables
You can use this template to create a new table.
Template for new documents
You can use this template if you want to create a new document.
ISMS Toolkit mapping table ISO27001
This table is used to assign the ISO27001 chapters to the Toolkit documents.
ISMS Toolkit mapping table VDA-ISA 5.0
This table is used to assign the VDA-ISA 5.0 chapters to the Toolkit documents.