ISO/IEC 27001:2022 Document Kits

The ISO 27001 Document Kits by KLS Academy PLT provide a structured set of ready-to-use documents to support organizations in implementing an ISO/IEC 27001:2022 Information Security Management System (ISMS) and achieving certification. Priced at RM3,899, this package includes 57 essential documents, categorized into four levels.

The document kits comprise general templates. If your organization requires further customization based on your business processes, activities, scope, and context, you may request a quotation by contacting us at enquiry@kls-academy.com.

The document kit is structured into four levels for clarity, ease of implementation, and compliance assurance:

Level 1: Manual (7 Files)

Covers the ISMS Manual, Policies, Objectives, key registers for internal and external information security issues, stakeholder expectations, and process mapping.

  1. Information Security Management System Manual
  2. ISMS Policy
  3. ISMS Objectives
  4. Internal and External Issues Register
  5. Needs and Expectations of Interested Parties Register
  6. Roles & Responsibilities of ISMS Steering Committee
  7. Process Mapping

Level 2: Mandatory Procedures (10 Files)

Includes key ISMS procedures, such as risk assessment and treatment, incident management, access control, business continuity, compliance, internal audits, and corrective actions.

  1. Control of Documented Information
  2. Information Security Risk Assessment
  3. Information Security Risk Treatment
  4. Incident Management and Response
  5. Internal Audit
  6. Management Review
  7. Nonconformity and Corrective Action
  8. Access Control and Identity Management
  9. Business Continuity and Disaster Recovery Plan
  10. Compliance with Legal, Regulatory, and Contractual Requirements

Level 2: Standard Operating Procedures (SOPs) (10 Files)

Provides detailed SOPs for security risk management, incident handling, access control, cryptographic management, data backup, network security, and secure software development.

  1. SOP for Information Security Risk Management
  2. SOP for Security Incident Handling and Reporting
  3. SOP for Asset Management and Classification
  4. SOP for Access Control Management
  5. SOP for Cryptographic Key Management
  6. SOP for Data Backup and Recovery
  7. SOP for Secure Software Development Lifecycle (SDLC)
  8. SOP for Patch Management and Vulnerability Assessment
  9. SOP for Network Security and Firewalls
  10. SOP for Physical and Environmental Security

Level 3: Work Instructions (10 Files)

Offers step-by-step instructions for securing IT systems, covering user access, data disposal, third-party security, personal data protection, cloud security, and endpoint protection.

  1. Work Instruction for Managing User Accounts and Privileged Access
  2. Work Instruction for Secure Disposal of Data and IT Equipment
  3. Work Instruction for Managing Third-Party Security Risks
  4. Work Instruction for Handling Personal Identifiable Information (PII)
  5. Work Instruction for Secure Configuration of IT Systems
  6. Work Instruction for Secure Authentication and Multi-Factor Authentication (MFA)
  7. Work Instruction for Security Monitoring and Log Management
  8. Work Instruction for Secure Remote Access and VPN Usage
  9. Work Instruction for Mobile Device and Endpoint Security
  10. Work Instruction for Cloud Security and Data Protection

Level 4: Forms and Checklists (20 Files)

Includes essential templates and checklists, such as risk assessments, incident reports, access control reviews, legal compliance, backup verification, security performance monitoring, and internal audit documentation.

  1. Master List of Documents
  2. Information Security Risk Assessment Form
  3. Incident Report and Investigation Form
  4. Access Control Review Checklist
  5. Internal Audit Program
  6. Internal Audit Plan
  7. Internal Audit Checklist
  8. Internal Audit Report
  9. Non-Conformity and Corrective Action Report
  10. Supplier Security Compliance Evaluation Form
  11. Data Classification and Handling Checklist
  12. Backup and Recovery Verification Form
  13. Compliance and Legal Requirements Checklist
  14. Performance Monitoring Checklist
  15. Performance Monitoring Dashboard
  16. Management Review Meeting Minutes Template
  17. Staff Training Attendance Form
  18. Employee Competency Assessment Form
  19. Training Evaluation Feedback Form
  20. Continual Improvement Register