ISO 27001 ISMS Documentation Kit EU GDPR Integrated

The EU GDPR and ISO 27001 integrated documents are editable and many organizations and ISO 27001 consultants are using these documents. The contents of the documentation kit, which we offer, include more than 155 editable files as listed below. These are written in easy to understand language and available in editable format.

1. ISMS Manual: A sample ISO 27001:2013 manual is given, which explains macro-level management strategy and commitment and how the information security system is implemented.
2. ISMS and GDPR Policy: 23 ISMS policies and 06 GDPR policies are given in this module, which helps to frame the information security controls and GDPR implementation.
3. ISO 27001 and GDPR Procedures: It includes 12 information security and 7 ISMS system related procedures as well as 6 GDPR procedures to implement the effective system in the organization.
4. Standard Operating Procedures: There are 9 SOPs given to establish controls for information security.
5. Process Flow Charts: Total 06 Process flow charts that cover process flow activities of all the main and critical processes with an input-output matrix for a manufacturing organization.
6. Forms for record-keeping: A set of 45 ISMS templates and 16 GDPR templates, which are sample forms to demonstrate the implementation of the integrated EU GDPR and ISMS systems.
7. Filled forms: It includes a total of 9 filled forms for an asset register, risk assessment, risk treatment, scope document for quick record keeping as well as 6 job descriptions filled formats.
8. ISO 27001 Audit checklist: It includes more than 500 audit questions for auditing implemented systems.
   • Audit questions to verify mandatory system implementation points
   • ISMS controls related to ISO 27001:2013 audit checklist
   • Good information security related to best practice verification questions.
9. Document Compliance Matrix: It includes a 01 Excel file with GDPR as well as an information security management system document compliance matrix.

The entire integrated EU GDPR and ISO 27001:2013 documents listed above are editable. Users can easily modify the name of the company, its logo, and other required parameters to prepare its organizational GDPR and information security system based documents quickly and economically.

The integrated system implementation of the General Data Protection Regulation(GDPR) and Information Security Management System(ISMS) to develop data protection and information security-related controls are necessary for every IT operational organization. Our EU GDPR – ISO 27001 Documents kit gives more than 155 different types of sample templates to establish a well-integrated system as per GDPR and ISMS requirements.

Documentation: –

Our documentation kit contains sample documents required for system certification as listed below. All documents are in MS-Word/Excel files and you can edit them. You can make changes as per your organization’s need and within few days your entire documents with all necessary controls will be ready. In the ISO 27001:2022, documented information (procedures, SOPs, etc.) are required a few places only. But for making the system better, we have provided many editable templates from which a user can select templates as per their own requirement and make some minor changes in them to make own system. Two types of documented information are provided in this kit, as listed below:

1. Maintain documented information (Scope, Manual, etc.)
2. Retain documented information (Forms / Templates)

Under the main directories, further files are provided in MS Word document as per the details given below.

1. ISMS Manual:

It covers sample copy of information security management system manual and clause wise details for how ISMS systems are implemented. It covers list of procedures as well as overview of organization and covers tier1 of ISMS documents.

(A) Table of Contents

4 to 10 – Detail chapters explaining management commitment and at macro level how system is implemented to comply requirements

2. GDPR & Information Security Policies

  2.1 Information security Policies (29 policies)

It covers guideline for controls applied as per ISMS guidelines. The policy document templates are provided to frame the information security controls as listed below.

List of policies

1. Acceptable Use Policy-Information Services
2. Infrastructure Policy
3. Policy for Access Card
4. Backup Policy
5. Clear Desk and Clear Screen Policy
6. Physical Media & Disposal Sensitive Data
7. Electronic Devices Policy
8. LAN Policy
9. Training Policy
10. Mobile Computing Policy
11. Telework Policy
12. Laptop Policy
13. Internet acceptable user policy
14. Messenger and E-mail
15. Password Policy
16. Patch Management
17. User Registration Access Management
18. Policy for Working in Secured Areas
19. Visitor Policy
20. Work Station Policy
21. Cryptographic Policy
22. IT Access Control Policy
23. Change Control
24. Cloud Security Policy
25. Freeware and Shareware Policy
26. Operation Security
27. IT Incident Recording and Reporting Policy
28. Personally identifiable information policy (PII)
29. Data Protection Policy

2.2 GDPR Policies (06 policies)

It covers guideline applied as per GDPR guidelines. The policy document templates are provided to frame the GDPR implementation as listed below.

List of Policies

1. Data Protection Policy
2. Privacy by Design / by Default Policy
3. Data Retention Policy
4. Cross-border processing or transfers of personal data
5. Data Classification Policy
6. Cookies Policy

3. GDPR & Information Security Procedures

 3.1 Information security procedures (20 procedures)

It covers sample copy of mandatory all the Information security management system procedures covering all the details as per ISMS requirements.

List of ISMS Procedures

1. Procedure for Management Review
2. Procedure for Documented Information Control
3. Procedure for Corrective Action
4. Procedure for Control of Record
5. Procedure for Information Security Management System Internal Audit
6. Procedure for Control of Nonconformity and Improvement
7. Procedure for Personnel and Training
8. Procedure for Scope Documentation for Implementation
9. Approach Procedure for ISMS Implementation
10. Procedure for Risk Assessment
11. Procedure for ISMS change management
12. Procedure for Organization Security
13. Procedure for Assets Classification & Control
14. Procedure for Human Resource Security
15. Procedure for Physical and Environmental Security
16. Procedure for Communication & Operational Management
17. Procedure for Access Control
18. Procedure for System Development and Maintenance
19. Procedure for Business Continuity Management Planning
20. Procedure for Legal Requirements

 3.2 GDPR Procedures: (06 Procedures)

It covers sample copy of mandatory all the general data protection regulation procedures covering all the details as per GDPR requirements.

List of GDPR Procedures

1. Data Inventory Procedures
2. Obtaining Valid Consent
3. Data Protection Impact Assessment
4. Subject Access Request Procedure
5. Data Breach notification & handling Procedures
6. Procedure for handling GDPR Data Subject Rights

4. Standard Operating Procedures (09 SOPs)

It covers sample copy of SOPs to link with significant aspects issues in the organization. It takes care of all such issues and used as a training guide as well as to establish control and make system in the organization. The samples given are as a guide and not compulsory to follow and organization is free to change the same to suit own requirements.

List of SOPs

1. SOP for Liaison with specialist organizations
2. SOP for Group Internet and E-mail Usage
3. SOP for Software configuration management
4. SOP for Server hardening
5. SOP for the Management of removable media
6. SOP for the Handling of virus attacks
7. SOP for Information security incident management
8. SOP for Audit trails

9. SOP for Business Continuity Plan

5. Process Flow Charts (06 Process Flow Charts)

It covers guideline for processes, process model. It covers process flow chart activities of all the main and critical processes with input-output matrix for manufacturing organization. It helps any organization in process mapping as well as preparing process documents for own organization.

List of Process Flow Chart

1. Tax Account Related BPO-Work
2. Marketing
3. Purchase
4. Software Development
5. HRD and Training
6. Web Application

6. Blank Formats (61 Blank formats)

It covers sample copy of blank forms required to maintain records as well as establish control and make system in the organization. The samples given are as a guide and not compulsory to follow and organization is free to change the same to suit own requirements.

List of blank formats

1. Visitor Entry Register
2. Employee leaving/transfer/termination Checklist
3. Employment confidentiality and Non-competition agreement
4. Job Description and Specification
5. Supplier confidentiality and Non-competition agreement
6. Training Calendar
7. Employees Competence Report
8. Security incident Investigation Form
9. Asset Identification and Classification
10. Capacity Planning
11. Business Continuity Test Report
12. Key Activities Input and Output
13. ISMS Objective Monitoring Report
14. Induction Training Report
15. Training Report
16. Skills Matrix Sheet
17. Purchase Order
18. Material Inward / Outward Record
19. Approved Supplier List
20. Contract Review Checklist / Summery of Contract
21. Customer Complaint Report
22. Customer Feedback Form
23. Service level agreement
24. Statement of Applicability report
25. Outsourced Service Details
26. Implementation of Recommended Controls
27. Change Note
28. Breakdown History Card
29. Preventive Maintenance Checklist
30. Master List and Distribution List of Document
31. Corrective Action Report
32. Software Project Plan and Review Approval Register
33. Master List of Record
34. IS Objectives Plan
35. Minutes of meeting
36. Configuration Items List
37. Change Request
38. Asset Identification and Classification
39. Risk Assessment and Treatment Plant
40. New User Creation Form
41. Media Disposal and Scrap Record
42. Parent/legal guardian consent form
43. Parental consent withdrawal form
44. GDPR consent form
45. DPIA Template
46. Standard Contractual Clauses for Third Parties
47. Data subject action request form
48. Audit Plan / Program
49. ISMS Internal Audit NCR Report
50. ISO 27001:2022 Audit Checklist Report
51. Minutes of meeting
52. Continual Improvement Monitoring Log
53. Change management request form
54. Communication report
55. List of licenses
56. Data Breach notification &investigation from
57. Inter Company Agreement
58. Data Subject Right to erasure request form
59. Data Subject Consent Withdrawal Form
60. DPO appointment letter
61. Access Request Confirmation Letter

7. Filled formats (34 Filled formats)

It covers sample copy of filled forms required to maintain records as well as establish control and make system in the organization. The filled samples given are as a guide and not compulsory to follow and organization is free to change the same to suit own requirements.

List of filled formats

1. Asset Register and Evaluation – sample 1
2. Asset Identification and Classification – sample 2
3. New User Creation Form
4. Media Disposal and Scrap record
5. Security incident & investigation form
6. Capacity Planning
7. Business Continuity Test Report
8. ISMS Objectives Monitoring Sheet
9. Visitor Entry Register
10. Customer Feedback Form
11. Communication report
12. Customer Complaint Report
13. Employee Leaving/Transfer/Termination Checklist
14. Approved Supplier List
15. Supplier registration form
16. Training Calendar
17. Employees Competence Report
18. Master List and Distribution List of Document
19. Change Note
20. Corrective Action Report
21. Master List of Records
22. Objective Plan
23. Audit Plan / Program
24. ISMS Internal Audit Non-Conformity Report
25. ISO/IEC 27001:2022 Audit Checklist Report
26. Induction Training Report
27. Training Report
28. Skills Matrix Sheet
29. Preventive maintenance checklist
30. Breakdown History Card
31. Master Compliance Matrix
32. Scope Document for ISMS Implementation
33. People Assets
34. Vulnerability Assessment Tools List

8. Audit Checklist (More than 500 Audit check list questions)

ISMS requirement wise as well as technical audit checklist and best practices are given.

1. ISMS Good Practices Audit Checklist
2. ISMS Clausewise
3. Controls Audit Checklist

9. Job description (11 job description)

It covers sample copy of job descriptions. List given below;

List of job description

1. Job description for Director
2. Job description for Finance & Account manager
3. Job description for HR Head
4. Job description for IS Manager
5. Job description for IT consultant
6. Job description for Marketing & business development manager
7. Job description for Networking Engineer
8. Job description for DPO
9. Job description for Project Manager
10. Job description for QC Head
11. Job description for Software Developer

10.Sample MRM

It covers sample copy management review meeting, agenda of management review meeting and objective review.

11.Filled sample risk sheet

It covers sample copy filled risk assessment and treatment plan as per information security management system requirements.

12.Filled Statement of applicability (SOA)

It covers sample copy filled statement of applicability (SOA) as per information security management system requirements.

13.GDPR along with ISO 27001 Compliance Matrix

This compliance matrix contains GDPR along with ISO 27001:2022 requirement wise list of documented information for easy reference of users and to understand how this system is made.

How useful?