Can I use an ISO 27001 template kit?


May 29th, 2024


With the rise in ISO 27001 implementation in recent years, it comes as no surprise that ISO 27001 toolkits have also grown in popularity. An ISO 27001 toolkit can seemingly save a business a good chunk of time and money when building an Information Security Management System (ISMS), particularly when ISO 27001 consultants can initially appear expensive. So let's take a look at the different types of toolkits available on the market today.

What is an ISO 27001 toolkit?

An ISO 27001 toolkit is a template that can help companies expedite their ISO 27001 implementation by using a pre-prescribed framework. These toolkits are mapped to the ISO 27001:2022 standard, assist in building your ISMS, and include the essential components of the ISO 27001 standard.

There are two categories of these toolkits:

  1. Template Packs of Documents: These comprise the required documents for an ISMS. The better ones provide prewritten and prepopulated documents required by the ISO 27001 standard and typically only require the business to enter their information.

  2. Online Portals: These are software solutions, generally cloud-based, and often require more work than template packs. You MUST ensure they have all the necessary information and certificates to accompany their service if you opt for one of these.

Many people we speak to really like the sound of ISO 27001 toolkits for the following reasons:

  • They’re seemingly cheap

  • They appear time-efficient

Unfortunately, neither of these claims tends to match the end experience.

Why we generally dislike ISO 27001 toolkits…

Despite their attractive package, the toolkits are often inappropriate for most businesses. Why? Because they're built as one-size-fits-all, with no way to account for the specific context of a business.

Think of it like this…

You arrive at a car dealership, explaining that you want to buy a new fuel-efficient small car for commuting with one or maybe two passengers. The dealer then says, “Okay, let’s prepare for every possible situation,” and proceeds to sell you an armored vehicle that carries 48 passengers…

Not quite what you were looking for? Didn’t think so.

Unfortunately, because these templates are designed to be one-size-fits-all, they have to cover every possible scenario a business might encounter, making them a nightmare of a prebuilt system. Because of this, they don’t end up being as time (or money) efficient as they are marketed to be. You end up either having to strip huge chunks of the documentation away (which is daunting if you aren’t confident in what you are doing), or being tied in knots as a business trying to meet the demands/expectations of the template kit authors, who never intended for them to be used in that way in the first place!

Template kits cover every single eventuality. As a result, we see many clients stuck untangling the prebuilt paperwork nightmare that is an ISO 27001 toolkit.

So, what to do instead?

We would never recommend a toolkit… which seems awfully convenient considering we are a consultancy business! But, I promise we are just speaking from experience here.

What businesses actually need is for someone to come in, listen to their needs and wants, and build them a bespoke ISMS that fits the company's needs with a little bit of wiggle room for if/when it needs altering. This saves a company a significant amount of time and money, because an ISMS that fits a company, rather like buying a small car for commuting, is much more cost-effective in the long run (in terms of maintenance, expansion, reduction, and re-auditing).

So, although the initial price of hiring a consultant to help you determine your company's needs, build an ISMS that fits the company, and maintain the ISMS between audits is higher, in the long run it is going to be significantly cheaper and less hassle.

If you want any further information on how we work, why we would back ourselves, or just some recommendations, please feel free to get in touch. We would be more than happy to chat with you about the different services we offer and point you in the right direction.


Andy Larkum

Managing Director


© ADL Consulting Ltd 2024. All rights reserved.