Skip to main content
Image coming soon

ISO/IEC 27007:2020 ISMS Auditing Evidence & Implementation Kit

$249.00
Adding to cart… The item has been added
ISO/IEC 27007:2020 · ISMS Auditing · Evidence & Implementation Kit
Audit your ISO 27001 ISMS with confidence, without inventing the audit method yourself.
Every ISO 27007 element handed to you as an adopt-ready practice, from managing the ISMS audit programme through auditing the risk assessment, the Statement of Applicability and Annex A control effectiveness, with the records that show a sound audit.
Audit-ready in a weekend, not a quarter.

Here is the honest situation. An ISO 27001 certification depends on a credible internal ISMS audit, and ISO 27007 is the standard that tells you how: managing the ISMS audit programme, conducting the audit, and, uniquely, auditing the risk assessment, the Statement of Applicability and the effectiveness of Annex A controls. Generic audit guidance does not get you there. Building the ISMS-specific audit procedures, checklists and competence records is weeks of work, and a superficial internal audit is exactly what a certification auditor challenges.

This Kit removes that build. It is every ISO 27007 element written as an adopt-ready practice you personalize in a weekend, with the records that show a sound ISMS audit.

What you get, the moment you buy

30
Guidance as adopt-ready practices. Every ISO 27007 element, from managing the ISMS audit programme through auditing the risk assessment, the Statement of Applicability and Annex A control effectiveness, written so you personalize and apply it.
30
Evidence-of-a-sound-audit checklists. For each element, exactly the records that show a credible ISMS audit, plus where ISMS audits fall short, so you close the gap first.
1
ISMS Audit Control Matrix, pre-built. Every element in a working spreadsheet, ready to record status and evidence location across your audit function.
1
Gap & Readiness Assessment. Score each element and the workbook returns your ISMS audit maturity as a single percentage, and exactly what to fix next.

Grounded in ISO/IEC 27007:2020, which applies ISO 19011 auditing to the ISMS, with auditing the risk assessment, the Statement of Applicability and Annex A control effectiveness called out. Editable Word and Excel files.

Auditing the SoA is what makes it an ISMS audit
A real ISMS audit does not just check documents. It tests the risk assessment, the Statement of Applicability and whether Annex A controls actually work. This Kit builds those ISMS-specific audit practices, so your internal audit stands up to the certification auditor.

What one control looks like

This is conducting the ISMS audit and collecting control evidence, the core of an ISMS audit. All 30 are built to this depth.

6.4 Conducting audit activities and collecting ISMS evidence PERFORMING
Adopt this practice

[Organization] shall conduct ISMS audit fieldwork through an opening meeting, structured collection and verification of evidence by interview, observation, document and record examination, and technical inspection or testing of controls, and controlled communication with the auditee, ensuring that only verified information becomes audit evidence against the defined criteria.

Auditor note.

Where controls are technical, sampling of live configurations, logs, and system output is stronger evidence than policy documents alone.

Evidence of a sound ISMS audit
  • Opening meeting record confirming scope, methods, and logistics
  • Working papers documenting evidence gathered by interview, observation, and inspection
  • Records showing evidence was verified before being relied upon
  • Audit team communication and daily progress notes
Common finding they raise: Auditors accept verbal assurances that a control operates without inspecting configuration or records, so evidence is unverified assertion rather than fact.

Why this is not another template pack

  • The evidence is the point. An ISMS audit you cannot evidence is a formality. This tells you the records that show a credible audit and where ISMS audits fall short, for every element.
  • ISMS-specific, not generic. Auditing the risk assessment, the Statement of Applicability and Annex A control effectiveness is written into the practices, the things generic audit guidance skips.
  • Built on a mapped compliance corpus, not one person's opinion, from a graph of thousands of controls across standards.
  • It compounds. ISO 27007 builds the internal audit that ISO 27001 certification depends on, so this feeds your whole security certification effort.

Who buys this

Organizations running internal ISMS audits toward ISO 27001, the audit programme managers and lead auditors who own it, and consultants building an ISMS audit function. Whether it is a first audit or a maturity uplift, you save weeks and walk in with the audit method and competence records ready.

By the end of the weekend you will have
✓  An adopt-ready practice for all 30 elements
✓  A completed ISMS audit control matrix
✓  The records that show a sound ISMS audit
✓  Your risk-assessment and SoA audit method defined
✓  A maturity percentage and a fix list
✓  The common weaknesses designed out

Common questions

Is it really editable? Yes. Word and Excel files you own and adapt. No portal, no subscription.

How does it relate to ISO 27001? ISO 27007 is the guideline for auditing an ISO 27001 ISMS. This Kit builds the internal audit that ISO 27001 certification requires.

How does it relate to ISO 19011? ISO 27007 applies ISO 19011 auditing to the ISMS and adds ISMS-specific guidance. This Kit reflects that, focused on the ISMS.

Does it cover auditing the SoA? Yes. Auditing the risk assessment, the Statement of Applicability and Annex A control effectiveness is a full control group.

What if it is not for me? A 30-day money-back guarantee.

Do not invent an ISMS audit method from scratch.
Every ISO 27007 element is fast to adopt with the Kit. It is instant, and it is guaranteed.
Add it to your cart and build your ISMS audit this weekend.

Instant digital download · 30-day money-back guarantee · The Art of Service Pty Ltd, GPO Box 2673, Brisbane QLD 4001 · support@theartofservice.com