ISMS Connect Toolkit
Document templates, step-by-step guides and expert support for ISO® 27001 and TISAX®.
98.7% of audits passed on first attempt.
We found it very enriching to achieve our planned certification so quickly and with such a high level of quality with the help of the toolkit and the great advice. Thanks a lot for this support.

- Passed the audit successfully
- Proudly certified
Documents Included in ISMS Connect
Discover the extensive list of ISMS documents included. Click on folder title to expand it.
Definition of ScopeGuidance documents
Information Security PolicyGuidance documents
Training ConceptManagement documents
Key performance indicators (KPI)Management documents
Inventory of assetsManagement documents
Appointment information security officerManagement documents
Management review procedureManagement review
Management reviewManagement review
Risk assessmentRisk management
Risk management procedureRisk management
Action planPlan of action
Procedure for implementing corrective measuresPlan of action
Document control procedureManagement documents
Audit programAudits
Audit procedureAudits
Audit protocolAudits
Legal cadastreIdentification of requirements
Interested partiesIdentification of requirements
Further requirementsIdentification of requirements
Identification of requirementsIdentification of requirements
Statement of applicability (SOA)SoA (ISO 27001)
Evaluation of norm complianceSoA (ISO 27001)
Information classification policyPolicies & Measures
Disposal policyPolicies & Measures
Clean desk policyPolicies & Measures
Password policyPolicies & Measures
List of incidentsIncident Response
Handling of incidentsIncident Response
Emergency planIncident Response
Supplier policySupplier Policy
Supplier self-disclosure formSupplier Policy
Supplementary agreement with suppliersSupplier Policy
Supplier assessmentSupplier Policy
Non-disclosure agreement (NDA)Supplier Policy
IT cloud provider directorySupplier Policy
Granted contractor accessesSupplier Policy
Change managementChange management
Change Management PlanChange management
Asset handover protocolMobile device management
Personnel security policyHuman resources
Issuing mobile devices to employeesMobile device management
On-off-reboarding checklistHuman resources
Mobile device and remote working policyMobile device management
Contract addendum information security and confidentiality statementHuman resources
Access rights checklistHuman resources
List of projectsProject management
Project managementProject management
Physical access policyPhysical access management
Visitor handoutPhysical access management
Patch managementIT
Malware protection policyIT
Logging policyIT
IT procurement policyIT
Development policyIT
Network security policyIT
Cryptography policyIT
Backup policyIT
Access policyIT
Endoint SecurityIT
Threat intelligenceThreat intelligence
Threat LibraryThreat intelligence
Step-by-Step Guides for Your Certification
We break down the complexities of compliance into easy-to-follow sections, ensuring you're on the right track. Up-to-date for ISO® 27001:2022 and VDA® ISA 6.
Learn ISO® 27001 Basics
Implement Best Practices
Jumpstart Certification

Pricing
See all Pricing detailsPlus
For companies that want access to best-in-class resources.
From start to end, we support you through your journey to successfull certification.
Ready-made, easy to edit document templates that cover all the requirements of ISO® 27001 and VDA® ISA / TISAX®. All Content is available in English & German.
All ISMS Connect-Content gets updated regularly to reflect changed norm requirements, new best practices and new audit conventions
Step-by-step guides that helps you through every requirement of VDA® ISA / TISAX® & ISO® 27001
Get access to a private community where you can discuss ISMS related topics with our consultants and other customers.
Get access to a private community where you can discuss ISMS related topics with our consultants and other customers.
Additional to the Community Support, you get private access to our consultants, unlimited support per e-mail or chat. You can also join our Live Q&A Sessions.
You can directly contact a consultant for special requests or requests with confidential information in written at any time.
Get invited to Zoom sessions where you can get directly in touch with our consultants.
Get 5 complete documents reviewed by an expert to ensure compliance & audit-readiness.
Pro
For those who want access to a consultant whenever needed.
From start to end, we support you through your journey to successfull certification.
Ready-made, easy to edit document templates that cover all the requirements of ISO® 27001 and VDA® ISA / TISAX®. All Content is available in English & German.
All ISMS Connect-Content gets updated regularly to reflect changed norm requirements, new best practices and new audit conventions.
Step-by-step guides that helps you through every requirement of VDA® ISA / TISAX® & ISO® 27001.
Get access to a private community where you can discuss ISMS related topics with our consultants and other customers.
Get access to a private community where you can discuss ISMS related topics with our consultants and other customers.
access to our consultants, unlimited support per e-mail or chat. You can also join our Live Q&A Sessions.
You can directly contact a consultant for special requests or requests with confidential information in written at any time.
Get invited to Zoom sessions where you can get directly in touch with our consultants.
Get 5 complete documents reviewed by an expert to ensure compliance & audit-readiness.
Frequently asked questions
Everything you need to know about the product and billing.
ISMS Toolkit is a collection of tools & templates designed to help you implement an information security management system (ISMS) compliant with the two most popular security standards: ISO 27001 (the international standard for information security management) and VDA® ISA (TISAX®) (the information security standard for the automotive industry).
TISAX® (Trusted Information Security Assessment Exchange) is an information security standard tailored to the needs of the automotive industry. It's a standard that vehicle manufacturers, automotive suppliers, IT service providers, consultants and third-party software vendors can use to meet their information security requirements for automobile production. TISAX® certification is a compulsory requirement for many automobile manufacturers and suppliers to the German automotive industry.
The TISAX® is based on an Information Security Assessment (ISA) developed by the VDA® (Association of the Automotive Industry), which was first used by member companies of the VDA® for inspections of suppliers and providers whose companies process sensitive information. The goal of the TISAX certification is to increase transparency in the automotive industry by certifying suppliers based on their ability to secure critical data.
TISAX® in its core is based on essential requirements of ISO 27001 international information security standard, but is more specific to automotive and reflects automotive-specific topics, such as external communication channels and interfaces.
Yes, the TISAX® and ISO 27001 audits can be combined. To do so you should choose audit body certified approved for ISO 27001 and TISAX®. This allows both assessments to be carried out simultaneously and save time and efforts.
No, we don't offer certification. Our goal is to help you set up an information security management system yourself with ISMS Toolkit and prepare your organization for the certification audit. To arrange certification, you need to contact a Registered Certification Body (RCB) in your region who will conduct a two-stage audit to verify that you are compliant with standard requirements.
Small companies with fewer than 100 employees can expect to pay around €10,000 to an certification body. We help all customers of ISMS Connect to choose a fair offer of the certification body.
Additionally, a consultant can charge up to 50.000€ for a small or medium sized project to help you implement all requirements.
ISMS Connect is designed to eliminate large money, time, and human resource spending on reinventing the wheel by using proven ready-made templates and processes. Focus on what is essential for your life and business instead. Prevent thousands spent on consultants delivering the same toolkit and save over 90% compared to the cost of ISMS consultant with no effect on the documentation quality and business outcomes.
Absolutely! We believe information security doesn't need to be hard. Our goal is to give companies the tools they need to tackle the topic of "information security" themselves. ISMS Connect designed to help you implement ISMS yourself with step-by-step guidance and support without time and budget consuming external consulting services.
We suggest to! Most of the documents described in security standards are mandatory. These documents act as proof of a proper Information Security Management System. To verify your compliance auditor will review all the ISMS documentation, which means that what is not written down in your documentation needs to be proven in another way. Having all required ISMS documentation in place is a key element of successful security standards certification.
The audit gives you the opportunity to see how your information security management system (ISMS) stacks up to the requirements of ISO 27001 or TISAX®. The risk of not passing the audit is very real. If your information security management system (ISMS) is not in line with the requirements of ISO 27001 or TISAX®, you run the risk of non- compliance, which could lead to hefty financial penalties or even losing customers. This is why you need a plan in place so that you can be as prepared as possible before going into the audit.
Internal audit: Internal audit can't be failed but can lead to poor results. There is no direct influence on the external audits besides consuming time. The most common result is remedy discrepancies, so you need to re-do it. To do so you can always contact us to look into results to remedy discrepancies and help you to come up with a better solution.
External audit: The audit can result in one of three possible outcomes: compliance, temporary certificate, or non-compliance. The most common one is compliance. This is where everything is in order and there are no outstanding issues. However, sometimes an organization will receive a temporary certificate due to outstanding issues that need addressing. The last outcome is non-compliance. This means you're not audited properly or your systems don't meet the requirements, so you require at least one improvement action before the next audit date.
ISMS Connect includes an Pre-Audit Check to ensure that your organization is audit-ready.
You can pay by credit card or via SEPA direct debit.
No, you can use the documents in your own organization without any restrictions after downloading - even after cancelling the subscription.
1SO 27001 s a leading international information security standard, specifying the requirements for an organization's information security management system (ISMS). An ISMS is a documented set of policies, procedures, processes, and controls that are designed to address all aspects of information security within your organization. The standard was first published in 2005 and has been updated incrementally since then. ISMS is based on the fundamental concepts of information security including people, processes, and technology. ISO 27001 is recognized by governments and regulatory agencies across the globe. We've created this toolkit to help you get up and running with ISO 27001 quickly and easily, using best practice documentation methods.
Companies looking to certification must register with ENX® as a participant on the TISAX® online portal and at least one TISAX® Assessment Scope. TISAX® participation process contains multiple steps:
- Preparation. Research and study TISAX® requirements. - Registration. Register on the TISAX® portal, select auditing body and prepare for audit. - Self-assessment. Internal process to measure current level of compliance. - Initial assessment. Audit execution depends on your qualifying for remote (Level 2) or physical (Level 3) audit. - Assessment includes auditor interview, documentation review, and clarification of possible gaps and next steps. - Corrective action plan. This step includes the preparation of an action plan to correct any initial audit finding (gaps) and submitting it to the audit provider. - Follow-up. After corrective action plan is submitted it assess through follow up and TISAX® report. - Reporting and exchange. The auditor providers upload results of the audit to the TISAX® platform and the audited company decides how would they like to share the results with selected suppliers and service providers. The audited company also receives TISAX® labels from ENXe.
Yes. We would recommend getting a copy of the resepective standard itself from the ISO® official website (or Beuth) and VDA® ISA website. First of all without one, you may find that you spend more time than necessary trying to locate answers to your questions. Having the actual source document will help you better understand all the information needed for the implementation process.
And secondly during the certification process you will need to show auditor which criteria your ISMS is built against, so defacto it's required for certification.
Normally, the whole process can take up to 12-18 months depends on the size and complexity of your organization, and there are a number of stages that need to be completed before you can be standard certified. Even though many organizations focus on Information Security, the implementation of ISMS is not easy for everyone. There is a lot of work involved to prepare for an audit and be ready for certification. Even more without proper planning, the cost of certification can be extremely high with little to no return on investment.
In the same time, from our practice we know it's possible to achieve certification much faster (3-6 month) and with less expenses. And a lot of our customers actually do that. ISMS Toolkit helps you cut certification time from 11,5 year to a few month saving thousands of budget in the process.
Small companies with fewer than 100 employees can expect to pay around €4000 to an certification body for an AL2 assessment.
We help all customers of ISMS Connect to choose a fair offer of the certification body.
Additionally, a consultant can charge up to 50.000€ for a small or medium sized project to help you implement all requirements.
ISMS Connect is designed to eliminate large money, time, and human resource spending on reinventing the wheel by using proven ready-made templates and processes. Focus on what is essential for your life and business instead. Prevent thousands spent on consultants delivering the same toolkit and save over 90% compared to the cost of ISMS consultant with no effect on the documentation quality and business outcomes.
Doing the wrong things for the right reasons is still doing the wrong things. Without a clear strategy, step-by-step plan, and the help of a third party, achieving certification take months of research, trial, and error. That's why we created ISMS Connect.
ISMS Connect gives you clear overview of the whole process.
See exactly what needs to be done. A well- organized and structured system that gives you an overview of the full scope, timeline all information you need. Get a clear understanding of how much technical work is to be done so you can plan and estimate your project before going into detail.
Yes, but can be a variety of persons like IT manager, quality manager, or something close to IT, Data protection officer also possible. We are pleased to help you find the right person for this job.
Yes, we can help you with audit preperation and preparing the assessment. In addition to support and assistance through the process, we would be happy to advise and support you with audits with our customizable service options.
After payment, you can login with your credentials to access your user account and all content in your plan. If you pay by credit card, your access is instantly available.
Of course. We believe information security doesn't need to be hard. Our goal is to give companies the tools they need to tackle the topic of information security themselves. The ISMS Toolkit is designed to help you implement ISMS yourself with step-by-step guidance and support without time and budget consuming external consulting services.
ISMS Connect is an independent consultancy and not affiliated with ENX® TISAX®, VDA® ISA, ISO® or DIN®.


Still have questions?
Can't find the answer you're looking for? Please chat to our friendly team.
Get in Touch