Here is the honest situation. Clause 9.1 of ISO 27001 requires you to monitor, measure, analyse and evaluate your security, and it is one of the most common places auditors find weak evidence. ISO 27004 is how you do it properly, but it is abstract: a measurement model, base and derived measures, indicators and decision criteria. Turning that into a working programme with a few meaningful measures, evidenced, is the real job, and most teams either skip it or drown in metrics.
This Kit removes the interpretation. It is the ISO 27004 measurement model and process as adopt-ready controls you personalize in a weekend.
What you get, the moment you buy
Grounded in ISO/IEC 27004:2016 and its measurement information model (base measures, derived measures, analytical model, decision criteria, indicators), operationalizing ISO 27001 clause 9.1. Editable Word and Excel files.
What one control looks like
This is a measurement process control, identifying the information needs that measures must serve. All 28 are built to this depth.
Why this is not another template pack
- The evidence is the point. A dashboard is not measurement. This tells you exactly what an auditor examines and the finding they raise, for every element, including the measurement model behind each metric.
- A model, not a metric dump. Base and derived measures, an analytical model, decision criteria and indicators, so your measures mean something and drive decisions.
- Built on a mapped compliance corpus, not one person's opinion, from a graph of thousands of controls across standards.
- It compounds. 27004 satisfies ISO 27001 clause 9.1, so this directly strengthens your ISMS certification and your board reporting.
Who buys this
ISMS and security managers who own ISO 27001 clause 9.1, security analysts building metrics, and consultants strengthening a client's measurement programme. Whether it is a first programme or fixing a clause 9.1 audit finding, you save weeks and walk in with meaningful measures and evidence structured.
Common questions
Is it really editable? Yes. Word and Excel files you own and adapt. No portal, no subscription.
Does this help my ISO 27001 audit? Directly. ISO 27004 operationalizes ISO 27001 clause 9.1, a frequent audit weak point. This Kit builds the measurement evidence auditors look for.
Is 27004 certifiable? It is guidance supporting ISO 27001. Certification is against 27001; this Kit strengthens the measurement part of it.
Does it cover the measurement model? Yes. Base and derived measures, the analytical model, decision criteria and indicators are built into the controls.
What if it is not for me? A 30-day money-back guarantee.
Instant digital download · 30-day money-back guarantee · The Art of Service Pty Ltd, GPO Box 2673, Brisbane QLD 4001 · support@theartofservice.com