Incident response playbooks give your team a step-by-step procedure to follow when a security incident occurs — eliminating the chaos of improvised response and ensuring regulatory notification timelines are met.
| Playbook | What It Covers | Frameworks Aligned |
|---|---|---|
| Ransomware Incident Response | Detection, containment, evidence preservation, eradication, recovery, and ransom decision framework | NIST IR, ISO 27001 A.5.26, DORA |
| Phishing Attack Response | Identification, user isolation, mailbox analysis, credential reset, threat hunting, and user notification | ISO 27001, NIST CSF, PCI DSS |
| Data Breach Response | Breach identification, severity classification, 72-hour GDPR notification, DPDP Act reporting, affected party notification | GDPR Art. 33/34, DPDP Act, HIPAA |
| Insider Threat Management | Behavioural indicator identification, investigation protocol, HR coordination, evidence chain of custody, termination procedure | ISO 27001 A.6, NIST SP 800-53 |
| DDoS Attack Response | Traffic analysis, ISP coordination, WAF and CDN activation, business continuity invocation, post-incident review | ISO 22301, NIST CSF, DORA |
One incident response playbook:

- Step-by-step response procedures
- Regulatory notification checklists
- Post-incident review template

All 5 playbooks:

- All 5 cybersecurity playbooks
- RACI matrix templates
- Communication templates
- Evidence log templates
- Annual update

Full playbook library:

- All 5 cybersecurity playbooks
- 5 privacy & data protection playbooks
- 5 ISO management system playbooks
- RACI and communication templates
- Priority email support
| Playbook | What It Covers |
|---|---|
| Data Protection Foundations Playbook | Privacy governance setup, DPO appointment, policy hierarchy, and data protection principles implementation |
| Data Mapping & ROPA Playbook | Step-by-step data mapping exercise, ROPA population, and ongoing maintenance procedure |
| Data Subject Rights (DSR) Playbook | End-to-end DSR handling — access, erasure, rectification, portability, objection — with response templates and timelines |
| Privacy Risk & DPIA Playbook | When to conduct a DPIA, screening criteria, DPIA methodology, risk mitigation, and DPA consultation procedure |
| Incident Response & Breach Management Playbook | Breach identification, severity rating, 72-hour GDPR notification, DPDP Act reporting, and affected party communication |
| Playbook | What It Covers |
|---|---|
| ISO 27001 ISMS Foundation Playbook | ISMS scope definition, context and interested parties analysis, information security policy framework, leadership commitment requirements, organisational roles and responsibilities, and certification readiness roadmap |
| ISO 27001 Risk Assessment & Treatment Playbook | Asset identification, threat and vulnerability mapping, risk scoring methodology, risk treatment option selection, Statement of Applicability (SoA) population, risk register maintenance, and residual risk acceptance procedure |
| ISO 27001 Controls Implementation Playbook | Annex A control selection rationale, implementation guidance for all 93 controls across four themes (Organisational, People, Physical, Technological), evidence requirements per control, and control owner assignment |
| ISO 27001 Internal Audit Playbook | Audit programme design, auditor competence and independence requirements, audit plan and checklist templates, nonconformity classification, corrective action tracking, and audit report structure for management review |
| ISO 22301 BCMS Foundation Playbook | BCMS scope and policy setup, business continuity objectives, interested parties and legal obligations analysis, organisational roles under ISO 22301, and programme governance structure |
| ISO 22301 BIA & Recovery Strategy Playbook | Business Impact Analysis methodology, RTO and RPO determination, critical function prioritisation, recovery strategy selection, resource requirements mapping, and strategy approval and documentation procedure |
| ISO 22301 Plan Development & Exercise Playbook | Business Continuity Plan structure and content requirements, Crisis Management Plan and IT Disaster Recovery Plan integration, exercise type selection (tabletop, simulation, full), exercise report template, and lessons-learned process |
| ISO 27701 Privacy Information Management Playbook | PIMS scope and integration with existing ISMS, controller vs. processor role differentiation, additional controls under ISO 27701 Annex A and B, ROPA alignment, and audit evidence requirements for combined ISO 27001/27701 certification |
| Management Review & Continual Improvement Playbook | Management review agenda structure, input and output requirements across all ISO standards, performance metric reporting, nonconformity and corrective action status review, improvement opportunity log, and board-level reporting templates |
The Seven Step Compliance & Trust Shop is an online resource library offering compliance toolkits, gap analysis tools, cybersecurity playbooks, staff awareness training, and executive governance resources. Every product is built by GRC practitioners with 20+ years of experience and 200+ real-world implementation projects. Products cover ISO 27001, ISO 22301, ISO 27701, ISO 42001, SOC 2, GDPR, HIPAA, DPDP Act, PCI DSS, DORA, and NIST Cybersecurity Framework.
No. The seven-step framework is a logical progression, but every resource is available independently. If you already have ISO 27001 certification and need a board-level risk presentation, go directly to Step 5. If you need vendor risk templates for a SOC 2 audit, go to Step 6. The steps are a guide, not a requirement.
All policy templates and toolkits are delivered as editable Microsoft Word (.docx), Excel (.xlsx), and PowerPoint (.pptx) files, depending on the product. Gap analysis tools are delivered in Excel with automated dashboards. Downloads are instant after purchase. No subscription or software installation is required.
Yes — Step 1 Foundation Kit resources are completely free with no credit card required. They include gap assessment scorecards, audit checklists, policy starter templates, compliance posters, and infographics. We offer them because we believe every organisation deserves a clear starting point before investing in full toolkits.
Yes. Seven Step offers white-label licensing for GRC consultants, MSPs, and advisory firms who want to deploy our templates in client engagements under their own brand. Enterprise and white-label licensing is available by contacting info@sevenstepconsulting.com.
You receive an instant download link by email. Every paid toolkit includes email-based implementation support for questions that arise during use. If you need deeper hands-on support, you can book a consulting engagement directly with Seven Step Consulting through sevenstepconsulting.com/contact.
The Seven Step Compliance & Trust Shop provides toolkits and documentation packs for ISO 27001:2022, ISO 22301:2019, ISO 27701:2019, ISO 42001:2023, ISO 9001:2015, SOC 2 (AICPA Trust Services Criteria), HIPAA (including 2025 HHS OCR NPRM updates), GDPR (EU and UK), DPDP Act 2023 (India), PCI DSS v4.0, DORA (Digital Operational Resilience Act), and NIST Cybersecurity Framework. Additional frameworks are added regularly.
Every Seven Step resource is built from real implementation experience. Seven Step Consulting has led more than 200 compliance and certification projects across 20+ countries in banking, healthcare, SaaS, manufacturing, and government sectors. The templates reflect what a qualified lead implementer actually produces for a certification audit — not a reverse-engineering of the standard. Each toolkit includes pre-filled examples, implementation guidance notes, and structured evidence mapping columns that generic template sites typically do not provide.
Single-user licence covers one organisation or project. Enterprise and white-label licences are available for GRC consultants, MSPs, and firms deploying the templates across multiple client engagements. Contact info@sevenstepconsulting.com to discuss enterprise licensing terms.
All toolkits are delivered as fully editable Microsoft Word (.docx), Excel (.xlsx), and PowerPoint (.pptx) files. Gap analysis tools use Excel with automated dashboards. Every document includes guidance notes and pre-filled examples to help you customise for your organisation's scope, industry, and regulatory context. Downloads are instant — no subscription or platform login required.
Yes. Every paid toolkit purchase includes email-based implementation support for questions that arise during use. For organisations that need deeper hands-on support, Seven Step Consulting offers full implementation consulting engagements across ISO 27001, SOC 2, HIPAA, GDPR, DPDP Act, and other frameworks. Book a free consultation at sevenstepconsulting.com/contact.
Most organisations using the Seven Step ISO 27001 Implementation Toolkit achieve certification-readiness in 4–9 months, depending on organisational size, existing documentation, and audit scope. Small teams with an existing security programme have achieved readiness in as little as 60–90 days. The toolkit includes a project plan template with a realistic milestone schedule.
Yes. Organisations implementing multiple frameworks simultaneously can purchase framework bundles at a discounted rate. Contact info@sevenstepconsulting.com with the frameworks you need and your organisation size for a custom bundle quote.
Professional and Enterprise tier customers receive a free update whenever the relevant standard or regulation is amended — within 90 days of the amendment publication date. This includes updates to ISO standards revisions, GDPR guidance from the EDPB, HHS OCR HIPAA updates, and DPDP Act rules notifications.
The TCF Solutions Suite is Seven Step's upcoming AI-powered GRC SaaS platform for continuous compliance automation. Every toolkit, policy, and documentation pack purchased from the Seven Step Shop is structured to import directly into TCF when it launches — so your documentation investments today become the foundation of your automated compliance programme tomorrow. Join the waitlist at thecompliancefirst.com.