ISO 27002 Compliance & Consulting

FLANK provides ISO 27002 consulting, along with ISO 27002 policies, policy templates, and toolkits that help organizations develop InfoSec policies for their "Information Security Management System" (ISMS) in accordance with the controls illustrated within the current ISO publication - INTERNATIONAL STANDARD ISO/IEC 27002 Second edition 2013-10-01. A key element of developing an ISMS is documentation, more specifically, information security and operational policies, procedures, and more. What can take literally dozens of hours to develop is now a much easier and more efficient process, thanks to the ISO 27001/27002: 2013 All-in-One Toolkit.

ISO 27001 Control Selection, Remediation, and Implementation

Having well-written ISO 27001/27002 policies and procedures is important, but more important is the ability for organizations to effectively select, remediate, and implement the desired controls for helping build a sustainable and working ISMS. The current ISO 27002 has a wide range of controls that can be selected, many of them requiring considerable remediation if not already in place, so turn to the experts at FLANK for comprehensive ISO control assistance. Our talented team of skilled consultants and compliance auditors has years of experience working with both the ISO 27001/27002 standards and all other leading frameworks.

We can assist in configuring information systems in accordance with baseline security hardening guidelines, developing comprehensive backup plans, implementing security awareness training, instituting a real-world contingency plan, and much more. We also provide ISO 27001/27002 policy writing services for organizations desiring an extra level of customization to the existing templates offered with our All-in-One Toolkit. And because many organizations undergo multiple compliance audits each year – PCI DSS, SOC 1, SOC 2, HIPAA and more – FLANK can also develop information security policies and procedures that cross-reference each of the respective major categories of those frameworks.

Download the ISO 27001/27002:2013 All-in-One Toolkit

Researched and developed by industry-leading ISO and InfoSec security experts, our ISO 27001/27002: 2013 All-in-One Toolkit contains approximately 534 pages of information security and operational specific policies, procedures, forms, checklists, templates – and more – all mapped directly to the actual ISO 27002: 2013 controls. You’ll receive a complete set of MS Word policy and procedure templates for each of the ISO 27002:2013 security controls, along with supporting policies and procedures that complement and enhance each respective security control. Building an ISMS has never been easier, thanks to the ISO 27001/27002: 2013 Toolkit from FLANK. View the product data sheet to learn more.

Available for instant download, the ISO 27001/27002: 2013 All-in-One Toolkit comes complete with the following fourteen (14) sections:

  • ISO 27001/27002: 2013 – Section 5 Policies and Procedures: Contains ten (10) pages of documentation that maps directly to “Information Security Policies”.
  • ISO 27001/27002: 2013 – Section 6 Policies and Procedures: Contains thirty-six (36) pages of documentation that maps directly to “Organization of Information Security”.
  • ISO 27001/27002: 2013 – Section 7 Policies and Procedures: Contains thirty-eight (38) pages of documentation that maps directly to “Human Resource Security”.
  • ISO 27001/27002: 2013 – Section 8 Policies and Procedures: Contains sixty (60) pages of documentation that maps directly to “Asset Management”.
  • ISO 27001/27002: 2013 – Section 9 Policies and Procedures: Contains twenty-two (22) pages of documentation that maps directly to “Access Controls”.
  • ISO 27001/27002: 2013 – Section 10 Policies and Procedures: Contains seventeen (17) pages of documentation that maps directly to “Cryptography”.
  • ISO 27001/27002: 2013 – Section 11 Policies and Procedures: Contains twenty-one (21) pages of documentation that maps directly to “Physical and Environmental Security”.
  • ISO 27001/27002: 2013 – Section 12 Policies and Procedures: Contains ninety-nine (99) pages of documentation that maps directly to “Operations Security”.
  • ISO 27001/27002: 2013 – Section 13 Policies and Procedures: Contains thirty-six (36) pages of documentation that maps directly to “Communications Security”.
  • ISO 27001/27002: 2013 – Section 14 Policies and Procedures: Contains sixteen (16) pages of documentation that maps directly to “System Acquisition, Development, and Maintenance”.
  • ISO 27001/27002: 2013 – Section 15 Policies and Procedures: Contains fifty-two (52) pages of documentation that maps directly to “Supplier Relationships”.
  • ISO 27001/27002: 2013 – Section 16 Policies and Procedures: Contains twenty-three (23) pages of documentation that maps directly to “Information Security Incident Management”.
  • ISO 27001/27002: 2013 – Section 17 Policies and Procedures: Contains fifty-five (55) pages of documentation that maps directly to “Aspects of Business Continuity Management”.
  • ISO 27001/27002: 2013 – Section 18 Policies and Procedures: Contains forty-four (44) pages of documentation that maps directly to “Compliance”.

In all, you’ll receive approximately 534 pages of information security and operational policies, procedures, and templates that map directly to the prescriptive controls found within ISO 27001/27002.

Providers of Proven ISO 27001/27002 Services

FLANK also offers the following ISO 27001/27002 services for organizations throughout North America and Europe:

  • Scoping and readiness assessments.
  • Technical remediation and implementation of security controls, such as provisioning and hardening of information systems, re-configuration of files and system parameters, and more.
  • Evaluation of ISMS documentation for ensuring its sufficiency and adequacy.
  • Additional services for all ISO 27000 series publications.

FLANK’s ISO 27002 consulting, along with ISO 27002 policies & policy templates, will help get you on the road to compliance in no time. Contact us today, or visit us at flank.org to learn more.

Note: FLANK only provides pre-ISO 27001 services and is not an ISO 27001 certification body. Should you decide to work with us, we have a reference list of qualified certification bodies who can actually perform the ISO 27001 certification process after we've adequately prepared your organization with our pre-certification services. Contact us today to learn more about our ISO 27001 pre-certification consulting services.