The Honest Guide to ISO 27001

The complete plain-English field guide to ISO 27001 — written by the guy who was being audited, not selling you a platform.

Get it on Gumroad →
US$69 one-time · instant download · 5 guides + free bonus

// WHAT'S INSIDE

Five field guides + one free bonus

Each book stands alone, but they're designed as a set — cross-referenced, consistent, and following the same company the whole way through.

01

The Honest Guide to ISO 27001

How the standard actually works — first principles, no jargon.

02

The Honest Guide to Risk Assessment

The hardest part, done properly — risk that holds up under audit.

03

The Honest Guide to Internal Audit

The audit you run on yourself — find the gaps before the auditor does.

04

Where Your ISMS Lives

Tooling, artefacts and cadence — where the ISMS actually runs day to day.

05

The Honest Guide to Your First Audit

Certification, demystified — what stage 1 and stage 2 are really like.

BONUS

Worked Statement of Applicability

A complete, worked SoA you can learn from — free with the bundle.

// THE HONEST TAKE

Why this is different

Most ISO 27001 content is written to sell you a platform. This is written from the seat being audited.

No FUD. No vendor pitch. No padding. Just the plain-English path through the standard — what each control actually means, what an auditor is really looking for, and how to build an ISMS that holds up instead of one that looks good in a slide deck.

Every book follows one fictional company — PayEngine — all the way from 'we're not certified' to passing its certification audit. You see the risk assessment, the internal audit, the Statement of Applicability and the certification audit happen to a real-feeling business, not in the abstract.

Written by Ashley Knowles — CISSP, ISO 27001 Lead Auditor, and founder of Securitribe. The guide I wish I'd had.

// WHO IT'S FOR

Built for the person actually doing the work

First-time ISMS owners

You’ve been handed ISO 27001 and need to actually understand it.

Small teams

No GRC budget, no compliance department — just you and the standard.

Founders facing certification

A customer or a deal needs the cert, and you need it to be real.

Anyone tired of FUD

You want the honest mechanics, not another scare-driven sales page.

// FAQ

Honest answers

Is this a template pack or a book?

It’s a set of plain-English field guides — books that teach you how ISO 27001 actually works. The free bonus includes a worked Statement of Applicability you can learn from, but the value is the understanding, not a folder of fill-in-the-blank templates.

Do I need a GRC platform to use this?

No. The whole point is that the standard — not a tool — gets you certified. The guides are deliberately platform-agnostic: whatever you already use (even a wiki and a spreadsheet) can run a real ISMS if you understand what it needs to do.

Will this get me certified?

Reading a book doesn’t hand you a certificate — doing the work does. What this gives you is the honest, end-to-end path so you know exactly what to build, what an auditor looks for, and what your first audit will actually feel like. It follows PayEngine all the way through passing, so you can see what “done” looks like.

Who wrote it, and why should I trust it?

Ashley Knowles — CISSP, ISO 27001 Lead Auditor, and founder of Securitribe. It’s written from the seat being audited, not from a vendor trying to sell you a subscription.

Go from “we’re not certified” to certified

The complete five-book path through ISO 27001, in plain English, with nothing padded — plus a free worked Statement of Applicability.

Get it on Gumroad →

US$69 one-time · instant download · save ~30%