About ISO27001KIT

    From scattered documents to an audit-ready ISMS workflow.

    ISO27001KIT helps teams move from scattered documents to a more organised, audit-ready ISMS workflow - with templates, tools, and AI that respect what ISO 27001:2022 actually expects.

    Why ISO27001KIT exists

    Most ISO 27001 projects start the same way: a folder full of half-finished policies, a risk spreadsheet that no one trusts, and a deadline from a customer or auditor. The standard is clear, but the path from "we should do this" to "we can prove we do this" is not.

    ISO27001KIT exists to shorten that path. We focus on the small number of artefacts auditors actually sample - scope, risk register, SoA, evidence, internal audit, management review - and make each one easier to produce, keep current, and defend.

    Who it is for

    • Startups and SMBs pursuing ISO 27001:2022 for the first time
    • ISMS managers replacing scattered Word and Excel files with a single workflow
    • Security leads preparing for Stage 1 or Stage 2 audits
    • Consultants delivering ISO 27001 implementations for multiple clients
    • Internal teams maintaining certification through surveillance audits

    Implementation philosophy

    Audit reality over paperwork theatre

    A policy nobody follows fails an audit. We focus on documents that match how your team actually works.

    Evidence is the unit of work

    Every control needs proof an auditor can sample. Tools and templates are designed around what evidence each clause expects.

    Small steps, finished work

    Implementation moves in finished increments - scope, then risk, then SoA, then evidence - not endless half-done documents.

    How the toolkit connects your ISMS

    ISO 27001 is one connected system, not a stack of separate documents. The kit is structured around the same flow auditors follow:

    1. 1
      Scope
      Define what is in and out of the ISMS.
    2. 2
      Risk
      Identify, score, and decide what to treat.
    3. 3
      Controls
      Select Annex A controls in the SoA with justifications.
    4. 4
      Evidence
      Show each applicable control is actually operating.
    5. 5
      Internal audit
      Independently test that controls work.
    6. 6
      Management review
      Close the loop with leadership on the ISMS performance.

    What AI helps with

    • Explain a clause or Annex A control in plain language
    • Draft first-pass policy wording you then review and own
    • Suggest auditor-style questions to test a control
    • Reword weak justifications in your Statement of Applicability

    What humans still need to decide

    • Whether a control actually applies to your business
    • Risk acceptance and treatment decisions
    • Approving policies, scope, and the SoA
    • Operating the controls every day and capturing evidence
    • Internal audit findings and management review outcomes

    The ISO 27001 practitioner behind the kit

    Aymen Bentijani, founder of ISO27001KIT

    Aymen Bentijani

    Founder of ISO27001KIT

    Cybersecurity GRC Consultant, ISO 27001 Lead Implementer, writer, and builder of practical security tools.

    Aymen Bentijani founded ISO27001KIT to help implementers, consultants, auditors, and security teams make ISO 27001 implementation more practical, structured, and audit-ready.

    With a background in cybersecurity GRC and ISO 27001 implementation, Aymen focuses on turning complex compliance work into usable documents, risk workflows, Statement of Applicability guidance, evidence tracking, and implementation tools.

    ISO27001KIT was built to help teams move away from scattered files, unclear responsibilities, weak evidence, and last-minute audit preparation - and toward a clearer ISO 27001 implementation workflow.

    What this means for the kit

    Practical ISO 27001 documents

    Templates are designed to support real implementation work, not just create paperwork.

    Risk and SoA alignment

    The kit connects risk assessment, treatment decisions, Annex A controls, and Statement of Applicability reasoning.

    Audit-readiness mindset

    The workflow is built around helping teams understand what evidence they need and why it matters during audit preparation.

    Practitioner feedback shaping the kit

    ISO27001KIT is built around practical ISO 27001 implementation problems: readiness gaps, scattered audit evidence, weak risk registers, Statement of Applicability clarity, and audit preparation. Feedback from ISO 27001, GRC, audit, and cybersecurity professionals helps shape the practical direction of the kit.

    "Most gaps only surface during audits. A quick readiness check like this helps shift teams from reactive fixes to proactive ISMS maturity."
    Nikhil
    Cybersecurity & Privacy Leader
    "Audit readiness is often scattered across files and teams. Centralized evidence tracking with clear ownership transforms preparation from reactive scrambling into structured progress."
    Felicitas
    GRC / Audit Consultant
    "One of the biggest shifts in risk management happens when the register stops being a repository and becomes a decision tool."
    David
    CISO & Cyber Risk Executive
    "Risk registers often become audit artifacts instead of living risk management tools. The focus on linking risks to business processes is exactly what many organisations need."
    Awuley
    Enterprise Management & Business Consultant
    "A useful audit reference for showing which applicable security controls have been implemented."
    Sayed
    Senior Technical Services & Management Consultant

    Comments have been lightly edited for clarity and attributed using first name and broad professional role. They are practitioner feedback, not formal customer testimonials.

    Policies and security

    Ready to make your ISMS auditable?

    Pick a plan that matches where you are, or run a free readiness check to see where the biggest gaps live before you commit to anything.