Instant 27001 – Ready to use ISMS

Instant 27001 is a ready-to-use Information Security Management System (ISMS), which is mainly aimed at small to medium (IT) organizations. The pragmatic approach of Instant 27001 helps especially organizations with limited resources to design and manage all aspects of information security in compliance with the standard.

Instant 27001 contains all documents that companies need to implement ISO 27001. This includes policies, procedures and also a comprehensive risk assessment covering the most common risks.

Instant 27001 is available in English, German and other languages. Instant 27001 automatically generates essential documents explicitly required by the standard, saving valuable time during audits and reducing potential sources of error.

For Instant 27001 there are add-ons for ISO 27701 – an extension to ISO 27001 for a data protection management system – as well as for ISO 9001, the worldwide standard for quality management. 

Schedule a demo

Project planning

Divided into an organizational and a technical track, the built-in project plan guides you through all the steps needed, providing helpful tips along the way.

Stakeholder analysis

An important part of the “Plan”-phase is to get a better understanding of your organization, the stakeholders and the requirements they might have. It makes sense to do so, because this will have an impact on how you design your ISMS.

In Instant 27001, all clauses and controls have their own page, which state the Requirement from the standard, an Instruction of what you should do, and under Implementation you will find an example, which then only needs to be modified to match your own organization.

The Implementation can also refer to another document. In this case, the Stakeholder analysis is defined on its own page, for readability.

Risk assessment

Perhaps the most important part of ISO 27001 is the risk assessment, and consecutively the selection of the proper security controls to mitigate the risks.

Before we dive into that, the standard requires you to define a methodology first. Instant 27001 comes with a qualitative method, based on SPRINT.

To speed up the process, a list of 36 common threats is provided. We suggest you to start with evaluation these for relevance. After this, new risks can be added based on a built in Risk-template.

This risk can be mitigated by establishing a Mobile device policy (A.6.2.1) and a Cryptography policy (A.10.1.1).

Security controls

Annex A of ISO 27001 defines 114 common security controls, that can be used to mitigate the risks as defined above.

Risk treatment

The information entered under Treatment is the used to automatically generate the Risk treatment plan.

Information treatment policy

Policies and procedures

All policies and procedures are defined on their own page, for easy hyperlinking and redistribution (content can be exported as Word or PDF files).

Statement of applicability

After all Annex A controls have been evaluated for relevance (their ability to mitigate one or more of the risks you have identified earlier), a Statement of applicability must be created.

Instant 27001 does this automatically, by accumulating the information entered earlier on the pages of the controls.

Monitoring and measuring

Once the implementation of the security controls is done, ISO 27001 requires you to think about how you will monitor during the year that all controls are effective.

The security controls can be expanded with Check details, this information is then gathered to automatically create the Monitoring plan.

Now all you have to do is transfer this schedule into your own calendar or ticketing system.

YouTube

Mit dem Laden des Videos akzeptieren Sie die Datenschutzerklärung von YouTube.
Mehr erfahren

Video laden

Schedule free Instant 27001 demo now!

Schedule demo

Feature comparison – Instant 27001 contains …

 

all ISO 27001 requirements and controls

  • Contents of all (26) requirements of the management system
  • Contents of all (114) Annex A controls
  • Instructions and sample implementations
  • Templates to add custom requirements and controls (e.g. from other standards)

a complete risk assessment

  • (±35) IT related risks, ready for (re-)estimation
  • All risks are hyperlinked to the relevant Annex A controls
  • Template to add own risks
  • Automatically generated risk treatment plan

all documents, policies and procedures

  • Supporting documents (±10) e.g. SWOT analysis, stakeholder analysis, scope description, roles and functions, objectives, awareness presentation
  • Policies (±20)
  • Procedures (±15)
  • Templates to add own policies and procedures
  • Automatically generated Statement of Applicability

all necessary registrations

  • Asset management (workstations, phones, systems and (cloud) services)
  • Suppliers
  • GDPR processing register
  • Legal and contractual requirements
  • Changes
  • Incidents and non-conformities

full PDCA support

  • Integrated monitoring on all requirements and controls
  • Automatically generated monitoring plan
  • Internal audit program
  • Sample for (internal) audit report
  • Sample for management review

Pricing

Instant 27001 is sold as a one-time (perpetual) license, for one (1) organization/deployment. There are no hidden charges, no maintenance fees and no recurring costs. After you purchase the content, its yours. Forever. Just like a book!

The price of the license depends on the size and structure of the organization. It is always possible to upgrade the license when your organization grows!

Instant 27001 Startup

  • One organization or legal entity
  • Not a holding/group
  • Maximum 25 employees

€ 1995

 

Instant 27001 Scaleup

  • A (small) holding or group
  • Maximum 2 subsidiaries/legal entities (in scope)
  • Maximum 200 employees (in scope)

€ 2995

 

Instant 27001 Enterprise

  • A (large) holding or group
  • No maximum of subsidiaries
  • No maximum of employees

€ 3995

That’s it!

There are no hidden fees, no maintenance, and no recurring costs.

The content is yours after you’ve bought it. Just like a book.

Consultancy services around Instant 27001

We accompany you on your way to successful ISO 27001 certification, for example with the following consulting services:

  • Execution of initial so-called “Enlightenment Workshops” (see download).
  • GAP analysis workshops, in which we work out in detail the state of your organization with regard to information security.
  • Auditing of your ISMS as required in the context of an internal audit.
  • Accompaniment of your certification.

Please contact us to discuss your requirements.

ISO 27001 Enlightment Workshop