Here is the honest situation. Publishing a way to report vulnerabilities is only half the job. ISO 30111 is the other half: the internal process that verifies a report, develops and tests a fix, and releases it, tracked and confidential. Without it, reports pile up and researchers lose patience. Building the policy, the end-to-end tracking, the verification and remediation discipline, and evidencing them, is the real work, and it is what makes your disclosure promise real.
This Kit removes the build. It is the ISO 30111 handling policy and process as adopt-ready controls you personalize in a weekend, the internal companion to your ISO 29147 disclosure.
What you get, the moment you buy
Grounded in ISO/IEC 30111:2019, the internal-handling companion to ISO/IEC 29147 disclosure, with the end-to-end tracking, verification, remediation and confidentiality called out. Editable Word and Excel files.
What one control looks like
This is a handling-process control, report receipt and acknowledgement, where the internal process begins. All 28 are built to this depth.
Why this is not another template pack
- The evidence is the point. An inbox is not a process. This tells you exactly what an assessor examines and the finding they raise, for every element, including the end-to-end tracking.
- End to end. Receipt, verification, resolution, release and coordination are built in, tracked and confidential, so a report becomes a fix.
- Built on a mapped compliance corpus, not one person's opinion, from a graph of thousands of controls across standards.
- It compounds. 30111 pairs with ISO 29147 disclosure and your secure development lifecycle, so your product security is one program, front door and engine.
Who buys this
Product and platform vendors that need a real handling process behind their disclosure channel, PSIRT and security leads who run it, and consultants standing one up. Whether it is your first process or a maturity uplift, you save weeks and walk in with the policy, tracking and records ready.
Common questions
Is it really editable? Yes. Word and Excel files you own and adapt. No portal, no subscription.
How does it relate to ISO 29147? 29147 covers external disclosure (receiving and publishing); 30111 covers the internal handling process. This Kit is the handling side, and pairs with a 29147 disclosure process.
Does it cover tracking? Yes. End-to-end tracking of a vulnerability from receipt to release, and process management and metrics, are built in.
Does it need ISO 29147? They are complementary. You can adopt 30111 handling on its own, but it works best alongside a 29147 disclosure process.
What if it is not for me? A 30-day money-back guarantee.
Instant digital download · 30-day money-back guarantee · The Art of Service Pty Ltd, GPO Box 2673, Brisbane QLD 4001 · support@theartofservice.com