Toolkit application
Answer: Besides a practical environment to implement a toolkit, I would advise you to try one of these strategies:
- Identify a potential scenario of your company, or another company you know, and simulate an implementation
- Search in Google for lists like "top ten information risks" or "main information risks by industry" and from those lists try to follow the implementation path
In those scenarios the simulation would follow the steps: risk assessment and treatment, controls elaboration and audit checklist elaboration. Also try to simulate that some controls have problems, identifying what we call "triple non-conformity elements" (the rule to be followed, the situation that is breaking the rule, and verifiable evidence), so you can state a proper non-conformity. By doing that you will be able to understand the whole implementation process in a broader view, which will facilitate your understanding when working on a specific scenario.
These materials will also help you regarding the needed steps for a certification:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own
https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course
https://advisera.com/training/iso-27001-foundations-course/
Nov 24, 2016