top of page
empty-signboard-entrance-subway (1).jpg

ISO 27001 

Suggested Template for the ISMS

There are a large number of sites where you can download for a fee a template (see IT Governance for a good one).  I have included here what I think a useful ISMS would contain rather than just a compliant ISMS.


ISMS Scope

            Physical Boundaries

            System(s)/Network Description with boundaries

            Information Description and Business reason



            Executive Summary

            Scope (see above) detail

            Objectives (describe how)

  • Identifying assets and risks to those assets.

  • Reducing or eliminating incidents.

  • Minimising the impact of incidents.

  • Continuous improvement

  • Maintaining and enhancing esteem and reputation.

  • Reducing down-time.

  • Protecting privacy.


  • Top Management are responsible for the ISMS.

  • All employees will be educated in the ISMS.

  • Risks will be assessed and controls will be proportionate.

  • Risks will be managed (Transferred, Treated, Terminated, Tolerated).

  • Discipline (compliance with policy) will be enforced.


  • For Governance – CISO.

  • For Management – Security Working Group.

  • For Training & awareness – Corporate.

  • Cross Reference with Roles & responsibilities.

Key Outcomes

  • Lower financial loss.

  • Confidence and assurance of privacy.

  • Satisfied customer / supplier base.

  • Enhanced employee satisfaction.

  • Shareholder values increase.

  • Society stakeholder (regulatory) confidence.

Related Policies and Procedures.

 List with hyper link to all relevant (appropriate as compliant with Annex A / Statement of Applicability) including local interpretation as required.

Reference to other Mandatory documents (hyperlink when complete).m

Risk Assessment Methodology statement.

            Qualitative or Quantitative.

            Compliance with ISO 31000 / ISO 27001

            Risk Attitude (Appetite / Tolerance) Statement.

Brief Outline of Audit Programme

Conclusion – Senior Management Commitment / Sign Off.

bottom of page