ISO 27001:2024 | Information Security Management Systems

Original price was: 374,00 €.Current price is: 187,00 €.

ISO 27001:2024 TOOLKIT

Complete document kit for information security management systems.

Contains manual, management and safety procedures, check list, forms, management applications, safety plan, ANNEX-A safety checks

  • Fully editable documents
  • Updated to the latest regulatory revision
  • Suitable for companies, consultants and PA




Demonstration and examples section

Consult the demonstrations, examples and main screens of the ISO 27001:2024 TOOLKIT. You will be able to download and consult extracts from the manual sections, management procedures, information security procedures, check lists, management applications, forms and Information Security Plan.


General list of package contents

The documentation offered by the  Procedure Documentation Kit 27001:2014  allows consultants and managers to start from a solid  base of pre-set technical contents: 

    • System technical contents (in business procedures)
    • Cybersecurity technical contents (in security procedures)

The kit includes a system fully implemented through editable and customizable documents.

The documentation consists of a Manual , Management Procedures , Safety Procedures , Forms , Attachments , Check Lists and Management Applications .

The latter, created in Excel , allow monitoring, measurement, analysis and evaluation activities to be carried out completely automatically , freeing operators from processing and calculation activities.

The work of implementing the system is illustrated by the Manual and is divided into neat sections to guide the managers or consultants who work there .

Section “Management System Manual”

The Information Security Management System Manual under ISO 27001:2024 is designed to provide guidance for:

  1. The development of the system, its processes and its documentation for consultants and managers of the organization
  2. The understanding and effective use of the management system by the organization’s personnel
  3. Consultation, by interested parties, of the security safeguards established for information

Safety Procedures

The “safety procedures” of the ISO 27001:2024 management system are characterized by the presence of technical controls that express their effectiveness provided they are integrated into the same process.

The safety procedures are:

  • PSI-01 – Access Control
  • PSI-02 – Physical Security
  • PSI-03 – Networking
  • PSI-04 – Incident Preparation and Management

Safety Procedures and techical personnel

These procedures, as part of the functioning of the information security management system, unlike what happens with business procedures, oversee processes controlled by technical personnel such as:

  • The Asset manager
  • The System Administrator ( Personal Data Protection Guarantor Provision 27.11.2008)
  • The person responsible for the information system
  • The data protection officer – DPO 

In the information security plan of the ISO 27001:204 procedures document kit, all the controls required by Annex (appendix) A of ISO/IEC 27001:2024 have been considered.


Management Procedures

The management procedures of the ISO 27001:2024 system of the Winple Kit govern all the organization’s processes and integrate all 93 controls of Annex A of the ISO 27001:2024.

Attention to business processes

The unanimous orientation of the certification bodies, especially during audits, is, without a doubt, that of wanting to verify the application of the information security management system precisely in the business processes that the organization conducts.

Management applications also belong to the category of system recordings.

They are simple applications created in Excel that simplify the collection and processing of data. They are very useful because they automatically process the data collected and processed, replacing the use of paper forms, which are not suitable for processing activities.

ISO 27001:2024 Applicability Statement

Information security plan

The ISO 27001 Applicability Statement has become one of the most powerful information security communication tools in recent years.

In the WINPLE KIT management system, the document is also called Information Security Plan .

Provided for by point 6 of the Standard, it allows the organization, and in particular the legal representative, to:

  • Declare all security controls, from Annex A , that the organization has applied
  • Provide objective documentary evidence of their integration into the organization’s processes

Declaration of applicability ISO 27001:2024 and opportunities for use

  1. Participation in public or private tenders
  2. Communication with existing or potential customers
  3. Corporate partnerships or collaborations
  4. Requests for certifications or accreditations
  5. Compliance report or audit
  6. Press releases or public communications
  7. Submissions to regulatory bodies or government authorities
  8. Involvement in research or development projects
  9. Requests for financing or investments
  10. Participation in industry events or conferences
  11. Due diligence processes for mergers or acquisitions
  12. Responses to requests for information or requests for proposals
  13. Public hearings or legislative hearings
  14. Risk Assessment or Privacy Impact Analysis (PIA)
  15. Third-party security control reviews
  16. Data access requests from customers or partners
  17. Responses to security incidents or data breaches
  18. Industry-specific regulatory compliance needs
  19. Reviews of services or products by supervisory bodies
  20. Design and development of new products or services with integrated information security requirements.

Forms – ISO 27001:2024

The documented information (records) of the ISO 27001:2024 system essentially responds to two operational needs:

  • Prove compliance of the activities carried out with regulatory procedures and requirements
  • Record and transmit information and data related to the functioning of processes

The system forms are tidy, easy to understand and are connected to the procedures in a clear and unequivocal way. Each procedure has its specific modules.

The forms are rendered in Word, as are the procedures, and their contents are already filled in to aid consultants and managers in the relevant customization activity .

The layout is clean and easily usable and understandable by the people employed by the organization.

Specialist cybersecurity technical content in the forms

The forms cover all the processes to be implemented and contain very useful pre-compiled information that provides valuable specialist technical content in the field of cybersecurity , such as:

  • Information security  assets 
  • The evaluation and control of  network and communications security
  • Software security assessment and control 
  • The evaluation and control of the security of  computing devices
  • The evaluation and control of the  security of offices and archives
  • The evaluation and control of  safety systems and devices
  • The management and maintenance of security assets
  • The disciplinary process  for those who contravene the system’s requirements

The system registrations do not end with the forms but also include the ” management applications “. Kit applications created in Excel for monitoring, measurement, analysis and evaluation activities.

The Information Security Plan  which documents  how the organization implements all the controls required by Annex A of 27001 in the 2024 edition is included and already drawn up in  the forms of the ISO 27001: 2024 Procedures document kit .

Check list and declaration of applicability – ISO 27001:2024

For the purposes of ISO 27001:2024 certification, the organization must necessarily document the Annex-A controls that have actually been applied and integrated into the processes.

For this reason, certification is subject both to compliance with ISO requirements (Context, leadership, planning, etc.) and to verification of the security controls applied.

During the audit phase, therefore, three documents present in the system kit are relevant:

MOD 610-B – Information Security Plan (Applicability Statements)

The document is also recognized as a DECLARATION OF APPLICABILITY because it reports all the controls provided for in Annex A and, corresponding to each one, documents how the control has been applied to the system and integrated into the processes.

Compliance with ISO 27001:2024 requirements

The check list lists all the regulatory requirements and allows any non-conformities to be detected and documented.

Application of security controls (Annex-A, ISO 27001:2024)

The check list divides the security controls by type (organisational, on people, physical and technological) and allows you to detect any non-conformities inherent to their correct application.



Complete package of manual, management procedures, safety procedures, forms, management applications, checklists and attachments.

All ready-made and fully editable and customizable content. System with integrated management of information security controls provided for in Annex A of ISO 27001 in its new 2024 version. Declaration of applicability and Information security plan.