ISO 27001:2024 | Information Security Management Systems


ISO 27001:2024 TOOLKIT

Complete document kit for information security management systems.

Contains manual, management and safety procedures, check list, forms, management applications, safety plan, ANNEX-A safety checks

  • Fully editable documents
  • Updated to the latest regulatory revision
  • Suitable for companies, consultants and PA


Demonstration and examples section

Consult the demonstrations, examples and main screens of the ISO 27001:2024 TOOLKIT. You will be able to download and consult extracts from the manual sections, management procedures, information security procedures, check lists, management applications, forms and Information Security Plan.


General list of package contents

The documentation offered by the Procedure Documentation Kit 27001:2014 allows consultants and managers to start from a solid base of pre-set technical contents:

    • System technical contents (in business procedures)
    • Cybersecurity technical contents (in security procedures)

The kit includes a system fully implemented through editable and customizable documents.

The documentation consists of a Manual, Management Procedures, Safety Procedures, Forms, Attachments, Check Lists and Management Applications.

The latter, created in Excel, allow monitoring, measurement, analysis and evaluation activities to be carried out completely automatically, freeing operators from processing and calculation activities.

The work of implementing the system is illustrated by the Manual and is divided into neat sections to guide the managers or consultants who work there.

Section “Management System Manual”

The D&I Manual 30415 explains how the D&I management system built on the basis of the guidelines of the Standard is made and how it works.

For the organization’s managers and consultants, the manual contains all the information necessary to prepare and implement the requirements of 30415.

It provides an overview of all processes and allows you to understand:

How to structure them through the “actions” indicated by the respective points of the Standard

How to document them through records that allow monitoring, measurement, analysis and evaluation

Safety Procedures

The “safety procedures” of the ISO 27001:2024 management system are characterized by the presence of technical controls that express their effectiveness provided they are integrated into the same process.

The safety procedures are:

  • PSI-01 – Access Control
  • PSI-02 – Physical Security
  • PSI-03 – Networking
  • PSI-04 – Incident Preparation and Management

Safety Procedures and technical personnel

These procedures, as part of the functioning of the information security management system, unlike what happens with business procedures, oversee processes controlled by technical personnel such as:

  • The Asset manager
  • The System Administrator (Personal Data Protection Guarantor Provision 27.11.2008)
  • The person responsible for the information system
  • The data protection officer – DPO 

In the information security plan of the ISO 27001:2024 procedures document kit, all the controls required by Annex (appendix) A of ISO/IEC 27001:2024 have been considered.


Management Procedures

The management procedures of the ISO 27001:2024 system of the Winple Kit govern all the organization’s processes and integrate all 93 controls of Annex A of the ISO 27001:2024.

Attention to business processes

The unanimous orientation of the certification bodies, especially during audits, is, without a doubt, that of wanting to verify the application of the information security management system precisely in the business processes that the organization conducts.


Management applications – ISO 27001:2024

Management applications also belong to the category of system recordings.
In the ISO 27001:2024 procedure KIT they represent the tools with which to carry out activities of:
  • Monitoring
  • Measurement
  • Analyses
  • Assessment

They are simple applications built in Excel that simplify data collection and processing. They are very useful because they automatically process the collected data, replacing the use of paper forms, which are not suitable for processing activities.

The management applications in Excel, made available in the management system kit, allow you to “automate” data analysis:

  • The user enters the “inputs”
  • The application returns “output” results relating to information security levels.

Each Excel application is equipped with illustrated explanations relating to the operation and the criteria used for the automated assessments relating to:

  • Safety objectives
  • Safety indices
  • The deviations detected

Monitoring, measurement, analysis and evaluation of Management Applications

Winple’s ISO 27001 system management applications automatically process data relating to:

  • Control of roles recognized by the system
  • Control of responsibilities attributed to staff
  • Control of asset security levels
  • Checking the effectiveness of the training performed
  • Quality control of the training received
  • Monitoring of training performed
  • Monitoring of internal and external communication
  • Supplier monitoring
  • Identification and traceability of the product/service
  • Monitoring of non-compliant products/services
  • Safety performance monitoring
  • Control of audits and non-compliances

Attention: Thanks to management applications, all processes are subjected to statistical control which, unlike personal evaluations (sometimes arbitrary), documents in a “quantitative” form the actual effectiveness of the information security management system.

Thanks to the graphic dashboards of the management applications, the user of the document kit can have a clear picture of the general performance of the system and the safety performance of the various sectors of the organization.

ISO 27001:2024 Applicability Statement

Information security plan

The ISO 27001 Applicability Statement has become one of the most powerful information security communication tools in recent years.

In the WINPLE KIT management system, the document is also called Information Security Plan.

Provided for by point 6 of the Standard, it allows the organization, and in particular the legal representative, to:

  • Declare all security controls, from Annex A, that the organization has applied
  • Provide objective documentary evidence of their integration into the organization’s processes

Declaration of applicability ISO 27001:2024 and opportunities for use

  1. Participation in public or private tenders
  2. Communication with existing or potential customers
  3. Corporate partnerships or collaborations
  4. Requests for certifications or accreditations
  5. Compliance report or audit
  6. Press releases or public communications
  7. Submissions to regulatory bodies or government authorities
  8. Involvement in research or development projects
  9. Requests for financing or investments
  10. Participation in industry events or conferences
  11. Due diligence processes for mergers or acquisitions
  12. Responses to requests for information or requests for proposals
  13. Public hearings or legislative hearings
  14. Risk Assessment or Privacy Impact Analysis (PIA)
  15. Third-party security control reviews
  16. Data access requests from customers or partners
  17. Responses to security incidents or data breaches
  18. Industry-specific regulatory compliance needs
  19. Reviews of services or products by supervisory bodies
  20. Design and development of new products or services with integrated information security requirements.

Forms – ISO 27001:2024

The documented information (records) of the ISO 27001:2024 system essentially responds to two operational needs:

  • Prove compliance of the activities carried out with regulatory procedures and requirements
  • Record and transmit information and data related to the functioning of processes

The system forms are tidy, easy to understand and are connected to the procedures in a clear and unequivocal way. Each procedure has its specific modules.

The forms are rendered in Word, as are the procedures, and their contents are already filled in to aid consultants and managers in the relevant customization activity.

The layout is clean and easily usable and understandable by the people employed by the organization.

Specialist cybersecurity technical content in the forms

The forms cover all the processes to be implemented and contain very useful pre-compiled information that provides valuable specialist technical content in the field of cybersecurity, such as:

  • Information security assets
  • The evaluation and control of network and communications security
  • Software security assessment and control
  • The evaluation and control of the security of computing devices
  • The evaluation and control of the security of offices and archives
  • The evaluation and control of safety systems and devices
  • The management and maintenance of security assets
  • The disciplinary process for those who contravene the system’s requirements

The system registrations do not end with the forms but also include the “management applications”: Kit applications created in Excel for monitoring, measurement, analysis and evaluation activities.

The Information Security Plan, which documents how the organization implements all the controls required by Annex A of 27001 in the 2024 edition, is included and already drawn up in the forms of the ISO 27001:2024 Procedures document kit.