Know-How Set · Information Security and Data Privacy
Cover four security frameworks from a single documentation baseline
A complete, ready-to-use Information Security Management System (ISMS) documentation baseline, aligned with ISO 27001:2022, ISO 27002:2022, GDPR, HIPAA, and SOC 2. Delivered to your ins2outs account in one hour, so your organization can operate securely and compliantly from day one.
Who is it for
Designed for organizations that handle sensitive information and need to demonstrate security governance to customers, regulators, or certification bodies
Technology and SaaS companies pursuing ISO 27001 or SOC 2
Your enterprise customers require evidence of information security controls before signing contracts, and your sales team is losing deals to competitors with certifications. The know-how set gives you a complete, audit-ready ISMS structure immediately, and the normative traceability to support both ISO 27001 certification and SOC 2 Type 1 / Type 2 audits from the same documentation baseline.
Organizations handling personal data under GDPR or HIPAA
If your organization processes personal data of EU residents or protected health information in the US, you carry legal obligations around data protection, breach notification, and security controls. The know-how set provides documentation pre-mapped to both GDPR and HIPAA requirements, integrated into the broader ISMS structure rather than maintained as separate compliance silos.
Regulated industries with mandatory security requirements
Financial services, healthcare, and critical infrastructure organizations face sector-specific security obligations from regulators and industry bodies. ISO 27001 certification provides a globally recognized framework that satisfies or substantially overlaps with most sector-specific requirements, reducing the duplication of parallel compliance efforts.
Organizations already certified to ISO 13485, ISO 9001, or ISO 42001
The ISO 27001 structure is designed for integration with other ISO management system standards. If your organization already operates on ins2outs with another know-how set, the ISMS know-how set integrates directly, reusing shared document control, audit management, and role-based training processes rather than building a parallel system.
Why use the AIMS know-how set?
The Information Security Management System (ISMS) built on how real security teams actually operate
Every document, process, and role reflects how organisations actually manage information security, structured against ISO 27001 and mapped to SOC 2, GDPR, and HIPAA, shaped by what our customers build and operate.
One baseline, four frameworks
Most teams need to satisfy multiple frameworks: ISO 27001 for international certification, SOC 2 for US enterprise sales, GDPR for EU data protection, or HIPAA for healthcare. The know-how set is mapped to all of these, so a single effort covers the overlapping controls across frameworks.
Cut setup time by up to 75%
The know-how set provides 110+ pre-written, structured documents: policies, processes, procedures, instructions, templates, and roles that your team can easily configure. Combined with ins2outs and our consultants, most organizations complete their ISMS definition in weeks.
Start operating from day one
The know-how set is operational from the moment it is delivered to your account. Most elements require only publishing and then training your personnel — a process the ins2outs platform manages through role-based assignments and acceptance tasks. There is no lag between purchase and productive use.
Inherit years of experience
The know-how set reflects years of practical experience operating information security processes. Your organization inherits a proven structure that covers the full information security lifecycle: from risk assessment and asset management through incident response and business continuity.
Optimize daily ISMS operation
The know-how set has documentation structures and set of templates, and role-tailored training for every ISMS function. Incident handling, access control reviews, supplier assessments, management reviews are supported by ready-to-use procedures and records from day one.
Standards covered by ISMS know-how set
Coverage across major domains and markets
Every document in the Information Security Management System (ISMS) was derived from and mapped to the following frameworks. You can trace any element back to the specific clause it satisfies directly within ins2outs.
ISO 27001 certification provides a strong documentation foundation for SOC 2 audits, and many controls satisfy both frameworks simultaneously. Additional standards or market-specific regulations can be added at any time within ins2outs. Organizations operating under multiple frameworks (e.g. ISO 27001 + ISO 13485 for medical device manufacturers) can link both know-how sets within a single account.
standards
The structure that takes most teams at least 2 years to figure out and setup
The Information Security Management System (ISMS) contains over 110 individual elements covering every layer of a compliant ISMS: from top-level policies and operational processes down to instructions, record templates, and role definitions. All elements are structured within ins2outs and ready to use from the moment of delivery.
Complete ISMS documentation
This know-how set contains everything required to define and operate an ISO 27001:2022-compliant Information Security Management System.
It includes policies, processes, procedures, instructions, document templates, normative sources, and roles — forming a systematic, audit-ready structure for any organization’s information security. All documents are pre-written and internally consistent, covering the full information security lifecycle from risk assessment through incident response.
Full normative traceability
Every document is linked to the specific clauses of the standards it satisfies.
Normative sources include ISO 27001:2022, ISO 27002:2022, ISO 22301:2012, GDPR, HIPAA, and NIST 800-series guidelines. The set also supports SOC 2 Trust Services Criteria alignment — organizations preparing for a SOC 2 audit can use the ins2outs traceability view to identify which ISMS controls address each Trust Services Criterion. Additional standards can be mapped at any time.
Role-based training built in
The know-how set defines 7 ISMS roles covering both governance and operational levels: from Top Management and Information Security Officer through to IT System Administrators and Data Protection Officers.
When a person is assigned to a role in ins2outs, they see only the content relevant to their responsibilities. Training and awareness records are maintained automatically through ins2outs acceptance tasks, providing auditable evidence of security competency without manual tracking.
Ready to use, designed to be tailored
The know-how set content is operational from the moment it is delivered.
Elements that require organization-specific input are clearly marked with TODO: strings, so your team knows exactly what to configure and what is already complete. The set establishes a default ISMS documentation structure — giving your system a clear, consistent architecture and eliminating the ambiguity of building from a blank template.
How to purchase ISMS know-how set
Place your order
To purchase the know-how set, submit a request using the contact form below. ins2outs will issue an invoice covering the one-time net fee. Once payment is confirmed, the know-how set is copied directly to your organization’s ins2outs account, typically within one hour.
Requirement: your ins2outs account must be active and have at least one paying user assigned at the time of delivery.
5 hours of free consulting included
Every know-how set purchase includes five hours of consulting at no additional cost. Use this time for ins2outs onboarding, ISMS setup guidance, tailoring the know-how set to your organization, or exploring how Information Security Officer as a Service could support your longer-term compliance needs. You set the schedule and agenda.
Your ins2outs license
Once purchased, ins2outs grants your organization a non-exclusive, indefinite license to use the know-how set content within your ins2outs account. The license is issued in exchange for a one-time fee and covers the know-how set at its current version. The content may not be resold or made available outside the purchasing organization.
Full license terms are documented in the Terms and Conditions, Chapter VI: Know-how set license.
ISO 27001:2022 Know-How Set
- Defines an ISO 27001:2022-compliant ISMS
- 110+ ready-to-use policies, processes, procedures, instructions, templates, and roles
- Normative traceability to ISO 27001, ISO 27002, GDPR, HIPAA, SOC 2, and more
- Supports SOC 2 Type 1 and Type 2 audit preparation
- Includes 5 hours of free consulting
- Delivered to your ins2outs account in one hour
- Requires an active ins2outs account
- For organizations of any size
Information Security Officer as a Service
- Experienced Information Security Manager delivered via ins2outs
- Defines, supervises, and operates your ISO-compliant ISMS
- Leads certification
- For organizations with up to 50 users
ins2outs standard plan
- Cloud-hosted, secure environment
- Up to 1,000 users
- Standard features package
- Full view and edit rights
Ready to get started?
Contact us to learn how the ISMS Know-How Set can support your organization’s security and privacy compliance and product roadmap goals.