Information security policies
About us

Search this site

Security awareness content

This website belongs to IsecT Ltd.,
an independent information risk and security
management consultancy based in New Zealand.

Visit IsecT's website

For more about IsecT, please visit and


We are evangelical about information risk and security and wish to spread the good word about the ISO27k standards.


The primary purpose of this website is to describe, promote and share the information risk and security management practices described in the ISO/IEC 27000-series information security management systems standards.

We have used and contributed to the ISO27k standards for decades, dating back to the UK DTI Code of Practice for Information Security in the mid-1990’s that morphed into BS 7799.


We aim to keep the website free, impartial and most of all valuable. What keeps us going is the genuine interest and engagement from ISO27k fans around the world. Your selfless involvement and support means a great deal to us. Thanks all!


The domain, website and much of the information on it was created and is owned by IsecT Ltd. However, we are grateful for permission to publish content generously donated by others, for example many of the questions and answers now in the ISO27k FAQ were originally posted and debated on the ISO27k Forum, and the ISO27k Toolkit contains material donated by various generous contributors. Last but not least, there are numerous snippets from the ISO27k standards and other sources, reproduced here under the ‘fair use’ provisions of copyright law. Please consult the cited sources for further, definitive information.

Copyright © 2023 IsecT Ltd.