FAQ

Frequently Asked Questions

Product & Framework
ISMS Toolkit is a collection of tools & templates designed to help you implement an information security management system (ISMS) compliant with the two most popular security standards: ISO27001(the international standard for information security management) and VDA ISA (TISAX) (the information security standard for the automotive industry). The toolkit includes templates and guidance to create all ISO2001 and VDA ISA policies, controls, processes, and procedures to meet the requirements of both standards, protect customer data, and make your business more secure.

ISO27001 is a leading international information security standard, specifying the requirements for an organization’s information security management system (ISMS). An ISMS is a documented set of policies, procedures, processes, and controls that are designed to address all aspects of information security within your organization. The standard was first published in 2005 and has been updated incrementally since then. ISMS is based on the fundamental concepts of information security including people, processes, and technology. ISO27001 is recognized by governments and regulatory agencies across the globe. We’ve created this toolkit to help you get up and running with ISO27001 quickly and easily, using best practice documentation methods.

TISAX stands for “Trusted Information Security Assessment Exchange”. VDA ISA (TISAX) is a control system for security information. It provides guidelines to ensure an appropriate level of security for IT systems in the automotive industry. VDA ISA (TISAX) refers to the management of information technology as a critical infrastructure. In addition to data protection, this also includes all aspects of Information Security, such as confidentiality, integrity, and availability. It consists of requirements from VDA ISA (Verband der Automobilindustrie Information Security Assessment).

Yes. We would recommend getting a copy of the ISO27001 standard itself from the ISO official website and VDA ISA website. First of all without one, you may find that you spend more time than necessary trying to locate answers to your questions. Having the actual source document will help you better understand all the information needed for the implementation process.

And secondly during the certification process you will need to show auditor which criteria your ISMS is built against, so defacto it’s required for certification.

No, we don’t offer certification. Our goal is to help you set up an information security management system yourself with ISMS Toolkit and prepare your organization for the certification audit. To arrange certification, you need to contact a Registered Certification Body (RCB) in your region who will conduct a two-stage audit to verify that you are compliant with standard requirements.

Normally, the whole process can take up to 12-18 months depends on the size and complexity of your organization, and there are a number of stages that need to be completed before you can be standard certified. Even though many organizations focus on Information Security, the implementation of ISMS is not easy for everyone. There is a lot of work involved to prepare for an audit and be ready for certification. Even more without proper planning, the cost of certification can be extremely high with little to no return on investment.

In the same time, from our practice we know it’s possible to acchieve certification much faster (4-6 month) and with less expenses. And a lot of our customers actually do that. ISMS Toolkit helps you cut certification time from 1-1,5 year to a few month saving thousands of budget in the process.

In addition, there are several more conditions that you should to consider:

  • Having an information security responsible / project manager that is ISO or IT from start that is commited and can work every day or every other day on ensuring that tasks are carried out and defined processes are taken in place.
  • Top management must commit and transfer responsibility to release documents to this person.
  • Having an existing cert. like 9001 helps to achieve best target of 3-4 months.
  • Size of organization has lower impact (e.g. 100-500 employees often the same), more number of locations is a bigger impact.
  • Motivation to adopt new processes thorough departments.
  • Close working with HR & IT.

ISO27001 is one of the top security management systems available. Setting up an Information Security Management System (ISMS) for your company can be a lot to take on. It requires a lot of risk assessments, policies, and procedures which all need to be reviewed and put together by someone in-house who has the necessary technical know-how. There is plenty of information security consulting companies out there that can provide an ISMS but they often charge a lot for their services and required additional onboarding projects. While external consultants are a good option for top-level companies, they are too expensive and time-consuming for small to medium enterprises. The cost of hiring an external consultant often is pretty high and required additional time to find and manage it.

Small companies with fewer than 100 employees can expect to pay less than €10,000. Companies with over 100 employees and over €10 million in revenue can expect to pay more than €50,000.

ISMS Toolkit designed to eliminate large money, time, and human resource spending on reinventing the wheel by using proven ready-made templates and processes. Focus on what is essential for your life and business instead. Prevent thousands spent on consultants delivering the same toolkit and save over 90% compared to the cost of ISMS consultant with no effect on the documentation quality and business outcomes.

Doing the wrong things for the right reasons is still doing the wrong things. Without a clear strategy, step-by-step plan, and the help of a third party, achieving certification take months of research, trial, and error. That’s why we created ISMS Toolkit.

ISMS Toolkit gives you clear overview of the whole process.

See exactly what needs to be done. A well-organized and structured system that gives you an overview of the full scope, timeline all information you need. Get a clear understanding of how much technical work is to be done so you can plan and estimate your project before going into detail.

The audit gives you the opportunity to see how your information security management system (ISMS) stacks up to the requirements of ISO27001. The risk of not passing the ISO27001 audit is very real. If your information security management system (ISMS) is not in line with the requirements of ISO27001, you run the risk of non-compliance, which could lead to hefty financial penalties or even losing customers. This is why you need a plan in place so that you can be as prepared as possible before going into the audit.

Internal audit:

Internal audit can’t be failed but can lead to poor results. There is no direct influence on the external audits besides consuming time. The most common result is remedy discrepancies, so you need to re-do it. To do so you can always contact us to look into results to remedy discrepancies and help you to come up with a better solution.

External audit:

The audit can result in one of three possible outcomes: compliance, temporary certificate, or non-compliance. The most common one is compliance. This is where everything is in order and there are no outstanding issues. However, sometimes an organization will receive a temporary certificate due to outstanding issues that need addressing. The last outcome is non-compliance. This means you’re not audited properly or your systems don’t meet the requirements, so you require at least one improvement action before the next audit date.

We suggest to! Most of the documents described in security standards are mandatory. These documents act as proof of a proper Information Security Management System. To verify your compliance auditor will review all the ISMS documentation, which means that what is not written down in your documentation needs to be proven in another way. Having all required ISMS documentation in place is a key element of successful security standards certification.

Yes, sure. We believe information security doesn’t need to be hard. Our goal is to give companies the tools they need to tackle the topic of “information security” themselves. ISMS Toolkit designed to help you implement ISMS yourself with step-by-step guidance and support without time and budget consuming external consulting services.

Yes, but can be a variety of persons like IT manager, quality manager, or something close to IT, Data protection officer also possible. We also offer the position of external ISO as a bookable service.

Yes, we can help you with auditor assessment. In addition to support and assistance through the process, we would be happy to advise and support you with audits with our customizable service options.

MEMBERSHIP​

With Toolkit Membership, you will get instant access to is the most complete and affordable set of 40+ pre-made documentation templates for your ISMS in one package and a lifetime license to use them across your organization. But ISMS toolkit is not just a documentation set. In addition, you will get 1-year of unlimited access to all our tools and resources: ISMS Academy training, knowledge base, assistance in ISMS implementation, a private community of infosec practitioners and companies like yours, weekly Q&A live video sessions, 12 months of unlimited email support, and more.

You’ll get Microsoft Word & Excel documents you can browse and download one by one from your member portal or download the latest version of the toolkit in one package.

All documents use a common MS Office theme so that you can easily customize pre-made documents according to your company guidelines or create additional documents from templates. Brand documentation by applying your own logo, colors, fonts, typography settings, headers, etc with a few clicks. So that they will seamlessly integrate into your current documentation system.

Instantly after the payment is processed, you will receive access to all documentation and other products straight away via your member portal. You are also able to download the latest version documentation toolkit package to keep yours forever with a lifetime license, as well as 12 months of updates and unlimited access to all products included in your yearly subscription.

We highly recommend you to get “Professional” plan of the toolkit, as you will get both language in one toolkit as well as unlimited access to all ISMS Academy courses, 1-hour expert consultation, documentation review, and more included in your membership. If you already have “Plus” membership, you can upgrade with 50% discount.

We are constantly improving all our products based on the latest industry changes and feedback from our customers. Normally we release updates every 6-8 weeks. You will be notified about updates via your membership portal and by email. There is also a dedicated page to preview all previous and current version updates on the documentation toolkit page.

Yes. While ISMS Toolkit includes everything you need to implement ISMS yourself – with our readymade documentation, built-in guidance, step-by-step course, and community support. If there is anything you can not handle, or need further advice on a specific topic, we will be there for you, only a click away. You’re not alone. Get an answer to any ISMS questions and implementation issues you may have. Unlimited email support combined with assistant from experts and private community thought the whole process.

Yes. Your subscription will automatically renew at a fixed rate after one year, so you don’t lose access to support and updates. You can easily disable the auto-renewal on your account page under subscriptions tab.

You can cancel your subscription at any time through your Account page. We will not renew your subscription after you’ve canceled it, and you will have full access to the toolkit in grace period.

Payment

We accept payments via Stripe, which means you can pay with all major credit cards like Visa, MasterCard, Discover, Maestro, JCB. You can also do SEPA transfers from your bank account. We’re also working to accept Paypal payments in the near future.

Your security is our priority. We use Secure Socket Layer (SSL) technology, the industry standard, to help protect your personal and payment information. SSL is one of the world’s most secure ways to pay online. Your payment details are encrypted, and then immediately sent to the payment processor. We don’t see your payment information, and we don’t store any details.

We accept payment in most common world currencies, including Euros, US Dollars, Swiss Francs, and British Pounds.

The payment provider we use (Stripe) has a variety of different ways to evaluate each credit card transaction and there are a number of reasons why your card could be declined. If you still have no success you can contact us to discuss alternative methods of payment, the main one being bank transfer.

With ISMS Toolkit, you will be able to set up a solid information security management system according to ISO27001 and VDA ISA TISAX standards. All documentation and support provided by professional infosec practitioners with in-depth knowledge and many years of hands-on experience in information security. If you are not satisfied with ISMS Toolkit over the next 15 days, we will refund 100% of your purchase according to our Terms of service.

We're here to help

Have another question? Feel free to contact us, we’ll happy to answer any questions on your purchase.