Instant 27001
Ready to use ISMS
Instant 27001 is a ready-to-run ISMS and contains all you need to implement ISO 27001 and get yourself ready for certification, in a matter of weeks. Simple, efficient and affordable.
You will start the implementation with 80% of the work already done, no prior experience or training necessary.
Instant 27001 is available for Atlassian Confluence and Microsoft 365. Available from € 1995 (one time purchase).
Steps to your information & IT security
We make information security management simple and enable companies of all sizes to pragmatically implement complex security requirements.
Everything included
Instant 27001 contains all documents that companies need to implement ISO 27001. This includes policies, procedures and also a comprehensive risk assessment covering the most common risks.
Internationally usable
Instant 27001 is available in English, German and other languages. Instant 27001 automatically generates essential documents explicitly required by the standard, saving valuable time during audits and reducing potential sources of error.
Practical add-ons
For Instant 27001 there are add-ons for ISO 27701 – an extension to ISO 27001 for a data protection management system – as well as for ISO 9001, the worldwide standard for quality management.
Stakeholder analysis
An important part of the “Plan”-phase is to get a better understanding of your organization, the stakeholders and the requirements they might have. It makes sense to do so, because this will have an impact on how you design your ISMS.
In Instant 27001, all clauses and controls have their own page, which state the Requirement from the standard, an Instruction of what you should do, and under Implementation you will find an example, which then only needs to be modified to match your own organization.
The Implementation can also refer to another document. In this case, the Stakeholder analysis is defined on its own page, for readability.
Risk assessment
Perhaps the most important part of ISO 27001 is the risk assessment, and consecutively the selection of the proper security controls to mitigate the risks. Before we dive into that, the standard requires you to define a methodology first. Instant 27001 comes with a qualitative method, based on SPRINT.
To speed up the process, a list of 36 common threats is provided. We suggest you to start with evaluation these for relevance. After this, new risks can be added based on a built in Risk-template. This risk can be mitigated by establishing a Mobile device policy (A.6.2.1) and a Cryptography policy (A.10.1.1).
Statement of applicability
After all Annex A controls have been evaluated for relevance (their ability to mitigate one or more of the risks you have identified earlier), a Statement of applicability must be created. Instant 27001 does this automatically, by accumulating the information entered earlier on the pages of the controls.
Monitoring and measuring
Once the implementation of the security controls is done, ISO 27001 requires you to think about how you will monitor during the year that all controls are effective.
The security controls can be expanded with Check details, this information is then gathered to automatically create the Monitoring plan. Now all you have to do is transfer this schedule into your own calendar or ticketing system.
ISMS is not witchcraft
With the right tool it's easy! See for yourself ...
Instant 27001 contains …
… all ISO 27001 requirements and controls
- Contents of all (26) requirements of the management system
- Contents of all (96) Annex A controls
- Instructions and sample implementations
- Templates to add custom requirements and controls (e.g. from other standards)
… a complete risk assessment
- (±35) IT related risks, ready for (re-)estimation
- All risks are hyperlinked to the relevant Annex A controls
- Template to add own risks
- Automatically generated risk treatment plan
… all documents, policies and procedures
- Supporting documents (±10) e.g. SWOT analysis, stakeholder analysis, scope description, roles and functions, objectives, awareness presentation
- Policies (±20)
- Procedures (±15)
- Templates to add own policies and procedures
- Automatically generated Statement of Applicability
… all necessary registrations
- Asset management (workstations, phones, systems and (cloud) services)
- Suppliers
- GDPR processing register
- Legal and contractual requirements
- Changes
- Incidents and non-conformities
… full PDCA support
- Integrated monitoring on all requirements and controls
- Automatically generated monitoring plan
- Internal audit program
- Sample for (internal) audit report
- Sample for management review
Pricing
Instant 27001 is sold as a one-time (perpetual) license, for one (1) organization/deployment. There are no hidden charges, no maintenance fees and no recurring costs. After you purchase the content, its yours. Forever. Just like a book!
The price of the license depends on the size and structure of the organization. It is always possible to upgrade the license when your organization grows!
Instant 27001 Startup
- One organization or legal entity
- Not a holding/group
- Maximum 25 employees
€ 1.995
Instant 27001 Scaleup
- A (small) holding or group
- Maximum 2 subsidiaries/legal entities (in scope)
- Maximum 200 employees (in scope)
€ 2.995
Instant 27001 Enterprise
- A (large) holding or group
- No maximum of subsidiaries
- No maximum of employees
€ 3.995
Prices plus applicable value added tax.
That’s it!
There are no hidden fees, no maintenance, and no recurring costs. The content is yours after you’ve bought it. Just like a book.
Consultancy services around Instant 27001
We accompany you on your way to successful ISO 27001 certification, for example with the following consulting services:
- Execution of initial so-called “Enlightenment Workshops” (see download).
- GAP analysis workshops, in which we work out in detail the state of your organization with regard to information security.
- Auditing of your ISMS as required in the context of an internal audit.
- Accompaniment of your certification.
Please contact us to discuss your requirements.