ISO 27001 Policy Pack — Core — 16 editable ISO/IEC 27001:2022 document templates in Word and Excel
ISO/IEC 27001:2022Small businesses & startups

ISO 27001 Policy Pack — Core

16 editable ISO/IEC 27001:2022 policies plus the full 93-control Statement of Applicability — everything a small business needs to start its ISMS.

New to ISO/IEC 27001:2022? Read our ISO/IEC 27001:2022 guide →

What's inside — 16 documents + 1 workbooks

  1. Information Security Policy (.docx)
  2. Information Security Roles and Responsibilities (.docx)
  3. Risk Assessment and Treatment Procedure (.docx)
  4. Acceptable Use Policy (.docx)
  5. Access Control Policy (.docx)
  6. Asset Management and Information Classification Policy (.docx)
  7. Physical and Environmental Security Policy (.docx)
  8. Human Resources Security Policy (.docx)
  9. Remote Working and Mobile Device Policy (.docx)
  10. Supplier and Cloud Services Security Policy (.docx)
  11. Information Security Incident Response Procedure (.docx)
  12. Business Continuity and ICT Readiness Plan (.docx)
  13. Backup and Recovery Policy (.docx)
  14. Logging and Monitoring Policy (.docx)
  15. Security Awareness and Training Procedure (.docx)
  16. AI Acceptable Use Policy (.docx)

Excel workbooks

  • Statement of Applicability — all 93 Annex A controls (Excel)
What's inside the ISO 27001 Policy Pack — Core — 16 compliance document templates
A look at what's inside the toolkit.

See the real content before you buy

We publish genuine excerpts — not marketing mockups. Read the opening sections of the Information Security Policy exactly as you'll receive it:

Read the free preview

Frequently asked questions

Does this ISO 27001 toolkit include the Statement of Applicability?
Yes. Every ISO 27001 toolkit includes an editable Excel Statement of Applicability covering all 93 Annex A controls of ISO/IEC 27001:2022, alongside the Word policies and, where listed, a risk register.
Will these templates make my company ISO 27001 certified?
No document set alone grants certification. An accredited certification body issues ISO 27001 certification after a Stage 1 and Stage 2 audit of a working ISMS. This toolkit gives you the complete, professionally structured documentation auditors expect — the longest part to prepare.
Is it aligned to ISO 27001:2022 or the older 2013 version?
It is written to ISO/IEC 27001:2022, including the restructured Annex A of 93 controls across four themes. When the standard changes materially we update the documents and offer affected customers a free re-download.
What format are the files and how are they delivered?
Editable Microsoft Word (.docx) and Excel (.xlsx) files, delivered as an instant download immediately after checkout. Organization-specific values are amber [bracketed placeholders] you replace with find-and-replace.
What licence do I get?
A single-organization licence. If you are a consultant or MSP intending to reuse the documents across multiple clients, contact us first for a fair multi-client arrangement.
$59

Secure Stripe checkout · instant download · no account required

By completing your purchase you agree to our Terms & License and Privacy Policy.

Professional editable templates — general information only, not legal, audit, tax, or certification advice, and no professional or advisory relationship is created. No purchase makes an organization compliant or certified. Review each document with qualified counsel, your compliance professional, or your auditor before relying on it. ISO, IEC, SOC 2, AICPA, HIPAA, NIST, GDPR, the EU AI Act, IRS and FTC are referenced descriptively only; ComplianceDocs (ExpertEngine LLC) is independent and is not affiliated with, endorsed by, or certified by any standards body, regulator, or audit firm.