ISO 27001/GDPR Know-how Set

Ready-to-buy ISO 27001/GDPR know-how set – Information Security Management System

ISO 27001 - System Zarządzania Bezpieczeństwem Informacji

Know-how set description

This know-how set defines ISO 27001/GDPR compliant Information Security Management System for Organizations. Its goal is to assure information security, including the protection of personal data (GDPR). The know-how set includes required policies, procedures, instructions and document templates. It covers also trainings, competency profiles, tools and external sources of information. All the aforementioned content is grouped around Roles required by ISO 27001 and GDPR regulations. By buying the know-how set an Organization can promptly deploy Information Security Management System and achieve ISO 27001 certification.

In addition to that, the know-how set helps to meet the requirements of General Data Protection Regulation and defines a personal data management system. The know-how set also supports ISO 27001 audits and personal data security audits.

ISO 27001/GDPR know-how set is recommended for Organizations which want to assure information security and the security of processing personal information.

The know-how set, in addition to the template content, also contains some empty elements which have to be prepared in the process of defining an Information Security Management System. This is derived from the fact that such content is organization-specific.

ISO 27001/GDPR know-how set statistics





Information contexts


ISMS content


Education content


ISO 27001/GDPR know-how set elements

Organization (23)

Roles (7)
  • Contractor
  • Data Protection Officer
  • Employee
  • Information Security Officer
  • Internal Auditor
  • IT System Administrator
  • Top Management
Contexts (7)
  • Acquisition
  • GDPR
  • Human Resources
  • IT Administration
  • Physical Security
  • Quality Management
  • Security
Normative sources (9)
  • 9 regulations and standards, including:
  • ISO 27001
  • General Data Protection Regulation

Know-how (72)

Policies (15)
  • Acceptable Use Policy
  • Access Control Policy
  • Access to Network and Network Services Policy
  • Backup Policy
  • Clean Desk and Clean Desktop Policy
  • External Communication Policy
  • Information Classification Policy
  • Information Security Policy
  • Information Security Risk Management Policy
  • Information Transfer Policy
  • Management of Removable Media Policy
  • Mobile Devices Policy
  • Password Management Policy
  • Policy of Information Security in Relations with Suppliers
  • Policy on the Use of Cryptographic Controls
Processes (10)
  • Access Control Process
  • Assets Management Process
  • Audit Management Process
  • Business Continuity Management Process
  • Change Management Process
  • Management Review Process
  • Operations Management Process
  • Purchasing Process
  • Risk Management Process
  • Security Incident Handling Process
Procedures (10)
  • Disposal of Removable Media Procedure
  • Documents and Records Control Procedure
  • Internal Audit Procedure
  • Management Review Procedure
  • Nonconformities and Corrective Actions Management Procedure
  • Procedure for Responding to Security Incidents
  • Procedure for Responding to Security Weaknesses
  • Procedure for the Management of Risks Related to Information Security
  • Procedure for Working in Secure Areas
  • Procedures for Individual Rights Execution in Data Processing
Instructions (7)
  • Computer User Instructions
  • Instruction for Granting Rights in the Access Control System
  • Instruction for Handling Extraordinary IT Situations
  • Instruction for Information Security in Project Management
  • Instruction for Protecting Secure Areas
  • Instructions for Equipment and Infrastructure Maintenance
  • Recruitment Process Instructions
Ins/Outs (30)
  • Access Control: Procedures
  • Agreement Regulating Access Rights
  • Asset Information
  • Asset Supplementary Information
  • Assets Inventory
  • Audit Plan
  • Audit Programme
  • Audit Report
  • Business Continuity Plan
  • Clearance Sheet
  • ISMS – Monitoring and Measurements
  • ISO 27001 Implementation Plan
  • Management Review Report
  • MS Excel Document Template
  • MS Word Document Template
  • Non-competition and Information Confidentiality Agreement
  • Nonconformity Card
  • Operations Management Plan
  • Opportunity for Improvement
  • Organization Context
  • Purchase Requirements
  • Purchase Specification
  • Record of Categories of Processing Activities
  • Record of Processing Activities
  • Risk Assessment
  • Risk Treatment Plan
  • Risks and Vulnerability Base
  • Security Incident
  • Statement of Applicability
  • Supplier Agreement

Education (8)

Trainings (2)
  • Training on Information Security Vulnerabilities
  • Training on the Information Security Management System
Guidelines (2)
  • Competence Profile: Information Security Officer
  • Competence Profile: Top Management
Tools (4)
  • KeePass
  • Access Control System
  • Change Management System
  • Remote Access System
Knowledge Bits (0)

Choose a best package for you

You choose what you want. Check out the most common package options when working with ins2outs.


Single user account on ins2outs*
20 €/mth


Single user account on ins2outs*
20 €/mth


Know-how Set Package

Ask for price


Single user account on ins2outs*
20 €/mth


Know-how Set Package

Consultancy support

Ask for price


Single user account on ins2outs*
20 €/mth


Know-how Set Package

Consultancy support

Know-how Set Domain Training

Ask for price

*Planning for 100+ users? Ask for individual pricing.

Ask about the price of this know-how set



    I am interested in*


    Organization name*

    Organization size*

    Your message

    Information Note

    Pro4People sp. z o.o., based in Wrocław, Poland at ul. Grabarska 1 (postal code 50-079), will be the controller of your entrusted personal data. Your personal data will be processed for the period of 3 years from the moment of the last contact. Your data will be processed under the General Data Protection Regulation (GDPR) and derived Polish national regulations. The base for processing is your consent, thus you can execute all the individual rights derived from GDPR at any moment by contacting us at Pro4People may transfer your personal data only to its Trustworthy Suppliers providing supplementary services to us for the purpose specified in this consent.

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.