Here is the honest situation. ISO 27001 stands or falls on the risk assessment, and ISO 27005 is the standard that tells you how to run it: establishing context and risk criteria, identifying risks by an asset-based or event-based approach, analysing and evaluating them, treating them, and producing the Statement of Applicability and risk treatment plan with risk-owner approval. Building that methodology, running it, and evidencing it, is weeks of work, and a risk assessment that does not trace to the Statement of Applicability is the finding an ISO 27001 auditor raises first.
This Kit removes that build. It is every ISO 27005 step written as an adopt-ready control you personalize in a weekend, with the evidence an auditor examines.
What you get, the moment you buy
Grounded in ISO/IEC 27005:2022, aligned to ISO 27001 and ISO 31000, with the asset-based and event-based identification approaches and the Statement of Applicability called out. Editable Word and Excel files.
What one control looks like
This is risk identification by the asset-based approach, a choice the 2022 revision makes explicit. All 30 are built to this depth.
Why this is not another template pack
- The evidence is the point. A risk process you cannot evidence fails the audit. This tells you exactly what an auditor examines and the finding they raise, for every step.
- Aligned to the 2022 revision. The asset-based and event-based identification approaches and the determine-controls-then-compare-to-Annex-A ordering match the 2022 standard, not an old reading.
- Built on a mapped compliance corpus, not one person's opinion, from a graph of thousands of controls across standards.
- It compounds. ISO 27005 drives the ISO 27001 risk requirements and follows ISO 31000, so this work is the engine of your whole ISMS.
Who buys this
Organizations running an ISO 27001 ISMS, the risk and security managers who own the risk assessment, and consultants building a risk methodology. Whether it is a first assessment or a maturity uplift, you save weeks and walk in with the methodology, the SoA and the evidence structured.
Common questions
Is it really editable? Yes. Word and Excel files you own and adapt. No portal, no subscription.
How does it relate to ISO 27001? ISO 27005 is the guidance for the ISO 27001 risk requirements (clauses 6.1.2, 6.1.3, 8.2, 8.3). This Kit builds that risk process and its evidence.
Asset-based or event-based? Both. The 2022 revision makes the two identification approaches explicit, and the Kit builds each as a selectable control.
Does it produce the Statement of Applicability? It builds the risk treatment and the Statement of Applicability as controls, with risk-owner approval and residual-risk acceptance.
What if it is not for me? A 30-day money-back guarantee.
Instant digital download · 30-day money-back guarantee · The Art of Service Pty Ltd, GPO Box 2673, Brisbane QLD 4001 · support@theartofservice.com