This is our Information Security Management System (ISMS) template page for Notion. The template(s) on this page are made by the people of ICT Institute. We use these templates in our training sessions and our advisory work, such as preparing organization to pass the ISO 27001 audit. We decided to make our templates available to anyone with hardly any restrictions.
This is your ISMS homepage. Every page, document and worksheet is stored here. You can think of it as your internal wiki or root SharePoint directory to access and manage the ISMS.
The ISMS index lists all the high-level components. The default view shows pages by their status: this way you can check what components need to be updated at a glance. The current view represents the real status of the templates as we develop them for Notion. For example, the Risk & Context Register and the SoA are at their latest version, the InfoSec Procedures are being developed.
The above structure comes from our experience in setting up and improving an ISMS, whereby it loosely follows the High-Level Chapter structure of the ISO 27001 standard. This often works for most companies and is easy enough to follow along the standard.
Each component is made to minimize the effort (clicks) of retrieving the relevant information. For instance, the Risks Register & Context page provides immediately the document metadata (last update, classification, editor and version), as often required for the ISMS.
Following, you can find brief description of the overall contents description (useful for unfamiliar users). The actual contents are prominently listed. Importantly, we include a detailed explanation on how read & use the contents, together with references to the related ISO 27001 clauses. This makes the page self-contained, which is particularly valuable when navigating the sheer amount of information during maintenance or actual audits.
The Risk Register contains example risks following a fictitious risk session. An awesome feature of the risk database is the dynamic links to the Statement of Applicability (SoA): try clicking on the controls, you will see the related entry in the SoA! The related risk is backwards-linked from the SoA. This allows you to keep consistent records that across updates, on top of other features offered by Notion. Similarly, you can seamlessly refer other ISMS artefacts straight from the Risk Treatment column: no need to manually navigate across tens of files!
Independent IT advice - ICT Institute
The templates are provided under the Creative Commons license Attribution license. You can do the following with the templates:
Share. You can share the templates and any documents made with these templates freely, with any one that you want to share it with.
Adapt. You can make new documents based on the templates, make changes, add elements or delete elements as much as you want. You can even do this in commercial organisations of for commercial purposes.
<aside> ⚠️
Note that the use of these templates is of course at your own risk. We made an effort to include all required items in the template, but when we use these templates we change them to fit the intended use. Note also that the ISO 27001 norm is copyright protected. You must buy a copy of the norm before you can use it.
</aside>