Your Complete ISO 27001:2022 ISMS — In One Spreadsheet
14 interconnected Google Sheets covering every stage of ISO 27001 compliance — gap assessment, risk registers, controls tracking, SoA, KPIs, audits, and certification readiness. Pre-filled, auto-calculated, and ready to use from day one.
Everything Pre-Built. Nothing to Figure Out.
Most organisations spend months building ISMS documentation from scratch. This toolkit gives you a certified-structure on day one — just add your data.
Auto-Calculated Scores
Risk scores, maturity ratings, KPIs, and asset values calculate automatically — no manual formulas needed.
Fully Interconnected
Risk Register feeds the Treatment Plan. Controls link to the SoA. KPIs pull live from every sheet. One source of truth.
Pre-Filled Content
12 pre-loaded risks, all 93 Annex A controls pre-mapped, 28 policy templates, 12 audit schedules — built in from the start.
Auditor-Ready Output
Structured to match ISO 27001:2022 clause order. Each sheet is ready to present to an external auditor as evidence.
No Software Required
Works in Google Sheets — free, browser-based, shareable with your team instantly. No new tools to learn or purchase.
Color-Coded Heatmaps
Risk ratings, maturity scores, and compliance gaps are colour-coded CRITICAL / HIGH / MEDIUM / LOW — instant visual clarity.
14 Sheets. Every Stage of ISO 27001.
From initial gap assessment to ongoing KPI monitoring — the full ISO 27001:2022 lifecycle is covered in a single workbook.
Dashboard
Live summary pulling data from all sheets — org details, overall progress by module, at-a-glance compliance status.
Gap Assessment
All clauses (4–10) and Annex A domains with maturity scoring 1–5 and a colour heatmap — instantly see where you stand.
Asset Inventory
Full information asset register — asset type, classification, CIA ratings (Confidentiality, Integrity, Availability), and auto-scored value.
Risk Register
12 pre-loaded risks + blank rows — auto-calculates inherent and residual risk scores, colour-coded CRITICAL / HIGH / MEDIUM / LOW.
Risk Treatment Plan
Linked to the Risk Register — treatment actions, owners, deadlines, and residual risk after controls are applied.
Statement of Applicability (SoA)
All 93 Annex A controls (ISO 27001:2022) — pre-filled applicability, justification rationale, and implementation status per control.
Controls Tracker
30 implementation tasks — status tracking (Not Started / In Progress / Done), evidence document links, and control owners.
Incident Log
Full incident register with category, severity, root cause, corrective actions, and closure status — ISO 27035-aligned.
Audit Schedule
12 pre-planned internal audits mapped across all clauses — findings tracker and CAPA linkage built in.
CAPA Tracker
Nonconformity and corrective action register — root cause analysis, action owner, verification date, and closure confirmation.
Supplier Register
Third-party risk register with data access classification, contract details, NDA status, and supplier risk rating.
Training Register
Staff-level awareness tracking — induction training, annual refresher, phishing simulation results, and compliance sign-off per employee.
KPIs & Metrics
19 KPIs — most pulling live data automatically from other sheets. Gives management a real-time ISMS performance view.
Policy Register
28 required ISMS documents tracked with version number, document owner, approval status, and next review date.
Who Is This For?
The ISMS Toolkit is built for organisations pursuing ISO 27001 certification without a full-time compliance team.
SMBs Going for Certification
Small and mid-sized businesses that need a structured ISMS without the cost of enterprise GRC software.
IT & Compliance Managers
Security leads who need a single system to manage risks, controls, incidents, and audits — without spreadsheet-building from scratch.
Consultants & Advisors
ISO 27001 consultants who want to give clients a professional, ready-to-use ISMS workbook as part of their engagement.
SaaS & Tech Companies
Technology companies under pressure from enterprise customers to prove ISO 27001 compliance as part of procurement.
Need Expert Help Getting Certified?
The ISMS Toolkit gives you the structure. Our ISO 27001 Implementation Service gives you the experts. We work alongside your team — from gap analysis through to certification audit — with a 100% first-time pass rate.
- Guided gap assessment & risk workshops
- Policy writing and control implementation support
- Internal audit execution and CAPA management
- Stage 1 & Stage 2 certification audit liaison
Frequently Asked Questions
Does this work in Microsoft Excel or only Google Sheets?
The toolkit is built and optimised for Google Sheets, as it uses cross-sheet references, conditional formatting, and live data pulls. It can be exported to Excel, but some live calculations may require adjustment.
Is this aligned to ISO 27001:2022 or the older 2013 version?
Fully aligned to ISO 27001:2022, including the updated Annex A structure with all 93 controls across 4 themes (Organisational, People, Physical, Technological).
Can I share it with my whole team?
Yes. Google Sheets allows you to share with your entire organisation with view, comment, or edit permissions. You can also restrict individual sheets to specific users.
Will this be accepted by an ISO 27001 certification auditor?
The toolkit is structured to meet the documentation requirements of ISO 27001:2022. Auditors evaluate your processes and evidence — not the tool you use. The outputs from each sheet are auditor-ready.
Do I need ISO 27001 expertise to use it?
Basic familiarity helps, but the toolkit is designed so that a compliance manager or IT lead can work through it systematically. Each sheet has clear column headings and pre-filled examples. For full implementation support, see our ISO 27001 Implementation Service.
Start Your ISO 27001 Journey Today
Get the complete ISMS Toolkit — 14 pre-built Google Sheets covering the full ISO 27001:2022 lifecycle. Ready to use from day one.