Question - Compliance Package Template for ISO27001


Do anyone have a compliance package template for the first 10 chapters in ISO27001:2013?

The Annex is already covered. But what about the main chapters (1-10)

Best regards

Christian Rozet

I have one which covers chapters 5-10, but I can’t attach it as CSV files are not authorized uploads. Contact me at Walter dot Williams at monotype dot com.

it is available for download, check the doc (2.x), compliance module … the doc at the bottom has an annex with both, 27002 and 27001

1 Like


As far as I can see, the 2 compliance packages mentioned above - “only” contains the Annexes. And not the chapter 4-10 from the main framework. Its either called the clauses og the requirements:

4 Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expetations of interested parties
4.3 Determining the scope of the information security management system
4.4 Information Security management system
5 leadership
5.1 Leadership and commitment
5.2 Policy
5.3 Organizatonal roles, responsibilities and authorities
6 Planning
6.1 Actions to address risks and opportunities
6.1.1 General
6.1.2 Information security risk assesment
6.1.3 Information security risk treatment
6.2 Information security objectives and planning to archive them
7 Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information
7.5.1 Generel
7.5.2 Creating and updating
7.5.3 Control of documented information
8 Operation
8.1 Operational planning and control
8.2 Information security risk assesment
8.3 Information security risk treatment
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
10 Improvement
10.1 Nonconformity and corrective action
10.2 Continual improvement

I was just in case you had them pre-defined … I think I created them myself :slight_smile:

hi where is this?

i’m a little bit confused. I’ve just started using eramba, the tool look very good so far - now I manged to import the ISO27001 and ISO27002 (2022) compliance packages. In Both packages I can’t find anything about the annexes. In the posts above vice versa the annexes are available but he chapters are missing??!!
Where can an import file including the 27001/27002-Annexes can be found? Any hints? Please Help!

Support says:
Sam (eramba)

Jul 11, 2023, 11:13 GMT+2


I believe that annexes are not part of the csv.

Thanks & Best Regards


For every 27001 version (2013, 2022) we have two files:

  • 27001: the standard without the annex
  • 27002: annex

this has been downloaded many times, no one reported any issue so far. You can request them to if you have a valid copy of the ISO standard.