ISO 27001:2022 Know-how set

This know-how set defines an ISO 27001:2022 and ISO 27002:2022 compliant information security and a cyber security management system. It is used to ensure information security, cybersecurity, and lawful processing of personal information.


Find out more about the know-how set

ISMS complete documentation

This know-how set contains the documentation required to define and operate an ISO 27001-compliant Information Security Management System. It includes over 117 policies, processes, procedures, instructions, document templates, normative sources, roles, and other types of content that comprise the systematic approach to any organization’s information security.

Ready-to-use and structured

The know-how set content is ready to use. It indicates the elements which should be tailored for the organization’s specificity using the TODO: strings. Thanks to this approach, you can focus on implementing the ISMS, not defining all its elements. The know-how set also establishes a structure of the ISMS documentation, introducing order to the system.

Role-based training

The know-how set introduces seven fundamental roles required by the ISMS. The roles define the scope of the training/awareness building concerning the ISMS definition. By assigning a person to a role on ins2outs, you limit a person’s perspective only to their essential information security tasks.

Normative sources

The know-how set documentation was derived from and is linked to the following normative sources: ISO 27001:2022, ISO 27002:2022, ISO 22301:2012, HIPAA, and General Data Protection Regulation (GDPR). Each normative source has a list of the documentation from this know-how set used to prove compliance.

Know-how set elements

Click on each of the groups to expand and see the complete list

ISMS Elements (110+)

15 - Policies

  1. ISMS Acceptable Use Policy
  2. ISMS Access Control Policy
  3. ISMS Access to Network and Network Services Policy
  4. ISMS Backup Policy
  5. ISMS Clean Desk and Clean Desktop Policy
  6. ISMS External Communication Policy
  7. ISMS Information Classification Policy
  8. ISMS Information Security Policy
  9. ISMS Information Security Risk Management Policy
  10. ISMS Information Transfer Policy
  11. ISMS Management of Removable Media Policy
  12. ISMS Mobile Devices Policy
  13. ISMS Password Management Policy
  14. ISMS Policy of Information Security in Relations with Suppliers
  15. ISMS Policy on the Use of Cryptographic Controls

11 - Processes

  1. ISMS Access Control Process
  2. ISMS Assets Management Process
  3. ISMS Audit Management Process
  4. ISMS Business Continuity Management Process
  5. ISMS Change Management Process
  6. ISMS Management Review Process
  7. ISMS Operations Management Process
  8. ISMS Personal Information Management Process
  9. ISMS Purchasing Process
  10. ISMS Risk Management Process
  11. ISMS Security Incident Handling Process

12 - Procedures

  1. ISMS Procedures for Individual Rights Execution in Data Processing
  2. ISMS Assets Management Procedure
  3. ISMS Disposal of Removable Media Procedure
  4. ISMS Internal Audit Procedure
  5. ISMS Management Review Procedure
  6. ISMS Nonconformities and Corrective Actions Management Procedure
  7. ISMS Procedure for Responding to Security Incidents
  8. ISMS Procedure for Responding to Security Weaknesses
  9. ISMS Procedure for the Management of Risks Related to Information Security
  10. ISMS Procedure for Working in Secure Areas
  11. ISMS Control of Records Procedure
  12. ISMS Control of System Documents Procedure

06 - Instructions

  1. ISMS Recruitment Process Instructions
  2. ISMS Computer User Instructions
  3. ISMS Instruction for Granting Rights in the Access Control System
  4. ISMS Instruction for Information Security in Project Management
  5. ISMS Instruction for Protecting Secure Areas
  6. ISMS Instructions for Equipment and Infrastructure Maintenance

32 - Ins/Outs (Templates)

  1. ISMS Change Request
  2. GDPR Agreement Regulating Access Rights
  3. GDPR Data Protection Impact Assessment
  4. GDPR Non-competition and Information Confidentiality Agreement
  5. GDPR Statement of Applicability
  6. ISMS Clearance Sheet
  7. ISMS – Monitoring and Measurements
  8. ISMS Access Control: Procedures
  9. ISMS Asset Information
  10. ISMS Asset Supplementary Information
  11. ISMS Business Continuity Plan
  12. ISMS Corrective Action
  13. ISMS ISO 27001 Statement of Applicability
  14. ISMS Management Review Report
  15. ISMS Nonconformity (NCR)
  16. ISMS Operations Management Plan
  17. ISMS Opportunity for Improvement (OFI)
  18. ISMS Organization Context
  19. ISMS Preventive Action
  20. ISMS Purchase Requirements
  21. ISMS Purchase Specification
  22. ISMS Risk Assessment
  23. ISMS Risk Treatment Plan
  24. ISMS Risks and Vulnerability Database
  25. ISMS Security Incident
  26. ISMS Security Weakness
  27. ISMS Supplier Agreement
  28. ISMS Audit Plan
  29. ISMS Audit Programme
  30. ISMS Audit Report
  31. ISMS Excel Document Template
  32. ISMS Word Document Template

7 - Normative sources

  1. GDPR EU: General Data Protection Regulation
  2. ISMS ISO 22301:2012
  3. ISMS ISO 27001:2013
  4. ISMS US:NIST 800-175B:2020
  5. ISMS US:NIST 800-57 – Part 2:2019
  6. ISMS US:NIST 800-61 Revision 2
  7. US: HIPAA

7 - Roles

  1. ISMS Data Protection Officer
  2. ISMS Information Security Officer
  3. ISMS IT System Administrator
  4. ISMS Contractor
  5. ISMS Employee
  6. ISMS Internal Auditor
  7. ISMS Top Management

How to purchase?

The purchase process is straightforward

Buying the know-how set

To buy a know-how set, you must order it using the contact form below. ins2outs would issue an invoice that covers the one-time payment for the know-how set. After the payment, ins2outs copies the know-how set to the organization’s account on ins2outs. The account must be active and have at least one paying user assigned. From that moment on, the know-how set is available for your organization. It usually takes one hour to copy the know-how set once the payment is confirmed.

Know-how set license

Once purchased, ins2outs grants your organization authorization for non-exclusive use of the Know-how set (non-exclusive license). The license is given in return for a one-time fee for the know-how set for the current status of the set. The license is granted for an indefinite period. The know-how set cannot be resold or made available outside the purchasing organization. The license limitations are documented in the Terms and Conditions document chapter “VI. Know-how set license”.

Ten hours of free consulting

When you purchase this know-how set on ins2outs, you are entitled to ten hours of free consulting. The purpose of that support is to smoother your entry into the ins2outs platform, show how to use ins2outs effectively, and let you test how an information security manager as a service offering could look. You define the schedule and the topics for which this consulting can be used. Try our Information Security Officer as a Service (ISOaaS) offering to prolong that service.


Explore the benefits of starting your system definition with this know-how set

Deliver know-how to your organization in one hour

Acquire the ISO 27001 know-how set instantly from the ins2outs platform. Let your organization gain the know-how, information security processes and build the necessary competencies.

Shorten by up to 75% your ISMS implementation time

The ISMS implementation can be a prompt and effective process. Combine ins2outs software, ISO 27001 know-how sets, and our consultants to define and certify any management system in weeks, not years.

Start operating the ISMS from day one

By acquiring a know-how set, you can start executing your ISMS from the moment of completed purchase. Most of the elements require just publishing and then training your personnel. The ins2outs software delivers the training.

Introduce mature information security governance

The know-how set brings the Information Security governance framework that collects experiences and expertise from many years of operating and improving InfoSec processes. Available for you in less than 1 hour.

Structured and easy ISMS execution

The know-how set brings not only valuable security governance, but also documentation structures, a plethora of templates, and training tailored for each role in the ISMS. This way, the daily operations of the ISMS become easier to grasp and execute. As a result, you get more efficient ISMS.


Information Security Officer


ins2outs Software

20/active user/month
  • Cloud-hosted
  • Requires one active user account
  • Standard features package
  • Full view and edit rights

Check our complementary services

ins2outs software

An organization works in ins2outs software (SaaS) hosted in a secure cloud environment. ins2outs provides an account where any of its management systems are hosted, like quality, information security, privacy, and others. The organization invites its users to the ins2outs software.

Information Security Officer as a Service (ISOaaS)

Information Security Officer defines, supervises, and operates your ISO 27001-compliant Information Security Management System (ISMS). The consultant will lead your ISMS certification and manage the information security approach.