Information security policies
About us

Search this site

Security awareness content

This website belongs to IsecT,
an information risk and security consultancy based in New Zealand.

Visit IsecT's website

For more on IsecT, please visit


The primary purpose of this website is to describe, promote and share the information risk and security practices described in the ISO/IEC 27000-series information security management systems standards. We have used and contributed to the ISO27k standards for over 20 years, back to the UK DTI Code of Practice for Information Security in the mid-1990’s that morphed into BS 7799.

In financial terms, this is a not-for-profit project. We do our best to keep the website and forum noncommercial and impartial. What keeps us going is the genuine interest and support from the wider community of ISO27k users, particularly experienced professionals on the ISO27k Forum. Your generous inputs to the Forum and the Toolkit mean a great deal to us. Thanks all.

We are evangelical about information security and wish to spread the good word about the ISO27k standards. It is our pleasure to provide the ISO27k information on this site, including the ISO27k Toolkit and ISO27k Forum, free of charge.


The website itself and much of the information on it was created and is owned by IsecT Ltd. However, we are grateful for permission to publish content generously donated by others, for example many of the the questions and answers now in the ISO27k FAQ were originally posted and discussed on the ISO27k Forum, and the ISO27k Toolkit contains example/template documents provided by various contributors. Last but not least, there are numerous quotations from the ISO/IEC and other standards, reproduced under the ‘fair use’ provisions of copyright law. Please consult the cited sources for further information.

Copyright © 2020 IsecT Ltd.