About the SecAware materials 


SecAware ISO27k materials are supplied as zip files containing customer-editable Microsoft Office files such as:

  • Management materials e.g. information risk and security strategy, Information Security Management System scope, ISMS implementation business case, job descriptions, briefings, ISMS charter;

  • General materials e.g. awareness presentations to help explain and launch the ISMS to staff;

  • Professional materials e.g. checklists for gap analyses and security reviews, risk management procedures;

  • Policies - generic/model "topic-specific" policy templates to consider, adapt and adopt for your organization;

  • Mandatory documents - the basics absolutely required for ISO/IEC 27001 certification e.g. SoA, RTP, corrective and preventive action forms and procedures, audit report templates;

  • Discretionary documents - supplementary materials your organisation may or may not require, according to its information risks, business objectives and broader compliance obligations.

Despite what you may read elsewhere, an ISMS can be certified with only the minimal mandatory documentation and processes specified in the main body of ISO/IEC 27001 ... but in practice most organisations find it worthwhile to expand the ISMS beyond the basics with additional materials, not least the information security controls outlined in Annex A.  For example, the standard requires that the organisation "determines what needs to be monitored and measured, including information security processes and controls", but it doesn't specify which security metrics it must have.  Based on our decades of experience in the field, SecAware provides examples, generic content to inspire you if you are unclear about what you really need.

Hint: the information content is at least as important as your ISMS tool - the application/s or SaaS service/s you may be using to manage your documentation and information risk management processes under ISO27001.  The system software may have been developed by professional software developers, but who wrote the associated documentation?  We have been professional technical authors specialising in ISO27k, information risk and security management, governance, compliance, awareness, training and so forth since the 1980s.

SecAware security awareness "modules" are also supplied as zip files containing customer-editable Microsoft Office files such as:

  • Briefings - designed to appeal to the particular audiences. Relatively simple, straightforward, action-oriented and informative for general employees. Succinct guidance focused on governance, strategy, policy, compliance, metrics etc. for managers including execs and board members.  More technical/in-depth information for the professional specialists;

  • Case studies - explore, discuss, teach and learn from realistic scenarios, often based around genuine incidents;

  • Checklists including audit-style Internal Control Questionnaires;

  • Diagrams such as mind maps, Probability Impact Graphs, risk-control spectra and process flowcharts;

  • FAQs - Frequently Asked Questions with straightforward answers;

  • Glossary - defining and explaining the specialist terms of art in plain language;

  • Leaflets - single or double-sided glossies, readable and engaging awareness materials;

  • Metrics - suggested ways to measure in order to improve various aspects of information risk and security;

  • Newsletters demonstrating that information risks are real, not merely academic concerns;

  • Policies - generic/model "topic-specific" policy templates to consider, adapt and adopt for your organization;

  • Posters - bright, eye-catching, thought-provoking artwork supplied as high-resolution JPGs suitable for professional or desktop printing, or to illustrate other materials;

  • Puzzles such as word searches, so people become security-aware while having fun on their breaks;

  • Quizzes, tests and challenges - set people thinking, assess their understanding and engage them with the awareness program;

  • Slide decks - largely graphical/visual slides with detailed speaker notes, for seminars, meetings, briefings and courses, including self-study using Learning Management Systems or the intranet;

  • Train-the-trainer guides - bags of creative suggestions for security awareness and training activities.

There is a lot of content in each awareness module, giving you plenty of choice.  We don't expect you to use everything, rather to pick out the items that suit your purposes.  We do it this way because every customer is different: some of you are new at this and only need the basics right now, while others who have been doing awareness for a while are looking for something fresh, perhaps more in-depth or simply 'different'.  All of you have a range of workers, some of whom will appreciate the one-page leaflets and pretty pictures, and some who need something more meaty to get their teeth into, or need to be shown stuff. 

It should be obvious from the module descriptions that SecAware makes extensive use of powerful graphical images as well as written words.  Perhaps less obviously, the materials delve into fundamental concepts, ideas and approaches, while offering pragmatic, down-to-Earth guidance according to the topic and the audience.  We're talking breadth and depth here - an innovative and creative yet mature and proven approach to security awareness.

All the SecAware materials have been researched and prepared to a consistently high standard of quality by an experienced, competent team of information risk and security professionals, providing continuity across all the materials and topics.  This is what we do.

SecAware content can be used straight out of the box if you want.  However, we use templates and styles making it simple to adopt your corporate look-and-feel.  If terms such as "Help Desk" and "Security Zone" don't suit you, simply search-and-replace with whatever you prefer.  If you use "cybersecurity" or "IT security" rather than "information security", go ahead, be our guest.  Swap your awareness logo in place of ours, and include your contact details.  Rather than fork-out for consultants to customize the content for your organization, do it yourself and get it exactly how you want it - or talk to us about your specific requirements.