📍 London · Engagements UK & EU-wide

Compliance, written for you.

Off-the-shelf compliance toolkits designed by senior practitioners with FCA-regulated experience. Each toolkit ships with a complete, pre-mapped document library — covering policies, procedures, registers, training and audit evidence — that you can adapt to your context in days, not months.

i.

FCA-mapped

Every document is pre-mapped to FCA SYSC, PRA SS1/21, and DORA where relevant. We do the regulatory translation that generic toolkits leave to you.

ii.

Practitioner-authored

Authored by holders of CISSP, CISM, CISA, CRISC, CDPSE — not by content writers reading a standard for the first time.

iii.

Free preview, every toolkit

Download a 2-page sample document for any toolkit before you buy. Read the writing standard, judge the quality, then decide.

iv.

Lifetime updates

When standards revise (ISO 2027, PCI v5), purchasers get the updates included — no second purchase, no upgrade fee.

§01
Catalogue

Ten specialist toolkits. One uncompromising standard.

Each toolkit is a complete, audit-ready document library — designed by senior practitioners and continuously updated to reflect the latest regulatory expectations. Pricing is per-organisation perpetual licence with lifetime updates included.

Available now
No. 01

ISO 27001:2022 Toolkit

The complete Information Security Management System.

  • 54 documents
  • 93 Annex A controls
  • 14–20 weeks to certify

A battle-tested ISMS library aligned to ISO 27001:2022 and the updated Annex A. Includes the full Statement of Applicability, risk methodology, asset register, supplier assurance, incident response, business continuity, cryptography, access control and the four 2022 themes. Pre-mapped to FCA SYSC and DORA.

£1,495 per organisation · lifetime updates
Coming Q3 2026
No. 02

Cyber Essentials & CE+ Toolkit

First-time pass — the practitioner's playbook.

  • 22 documents
  • 5 control areas
  • 3 weeks to apply

IASME-aligned application pack with hardening recommendations, evidence collection workbook, on-site CE+ assessment readiness checklist, and the latest BYOD and cloud guidance from the 2026 specification. Designed for first-time pass.

£395 per organisation · lifetime updates
Coming Q3 2026
No. 03

PCI DSS v4.0.1 Toolkit

Card-data compliance, scoped intelligently.

  • 48 documents
  • 64 requirements
  • SAQ A–D coverage

Complete PCI DSS v4.0.1 toolkit including scoping workshop materials, gap analysis workbook, evidence room template, customised implementation approach guidance, segmentation testing methodology, and merchant- vs service-provider-specific control packs.

£1,795 per organisation · lifetime updates
Coming Q4 2026
No. 04

NIST CSF 2.0 Toolkit

The new Govern function — operationalised.

  • 38 documents
  • 6 functions
  • 106 subcategories

Complete toolkit for the NIST Cybersecurity Framework 2.0, including the new Govern function — with implementation profiles, target-state worksheets, current-state assessment, and tier-1-through-4 maturity progression. Mapped to ISO 27001 and DORA.

£995 per organisation · lifetime updates
Coming Q4 2026
No. 05

ISO 27701 Privacy Toolkit

Privacy management on top of your ISMS.

  • 32 documents
  • UK GDPR mapped
  • EU GDPR mapped

A privacy information management extension to ISO 27001:2022, designed to be layered on top of your existing ISMS. Includes UK GDPR & EU GDPR mapping, DPIA templates, ROPA register, data subject rights handling and breach notification procedures.

£995 per organisation · lifetime updates
Coming Q4 2026
No. 06

NCSC CAF 4.0 Toolkit

UK Cyber Assessment Framework — banking-tailored.

  • 36 documents
  • 41 outcomes
  • 4 objectives

Self-assessment workbook covering all 41 contributing outcomes, evidence-collection templates, gap-analysis spreadsheet, GovAssure preparation pack, and proportionality narrative templates. Particularly suited to UK building societies and banks of interest.

£1,295 per organisation · lifetime updates
Coming Q1 2027
No. 07

ISO 22301 Business Continuity

Operational resilience & BCM, joined up.

  • 34 documents
  • BIA templates
  • SS1/21 aligned

Business Continuity Management System aligned to ISO 22301:2019, including business impact analysis (BIA) templates, recovery time and recovery point objectives, exercise scenarios, and PRA SS1/21 operational resilience integration for FCA-regulated firms.

£995 per organisation · lifetime updates
Coming Q1 2027
No. 08

ISO 9001 Quality Toolkit

Quality management for service organisations.

  • 28 documents
  • 10 clauses
  • Risk-based approach

Complete Quality Management System aligned to ISO 9001:2015, designed specifically for professional services and technology organisations rather than manufacturing. Includes process maps, risk register, and pre-built integration with an ISO 27001 ISMS.

£795 per organisation · lifetime updates
Coming Q2 2027
No. 09

ISO 14001 Environmental Toolkit

EMS for low-impact service organisations.

  • 26 documents
  • EMS framework
  • Aspect-impact assessment

Environmental Management System for ISO 14001:2015, scoped for service organisations whose primary environmental impacts are office, travel and IT — not manufacturing. Lighter-weight than typical EMS toolkits, integrated with ISO 9001 and 27001.

£795 per organisation · lifetime updates
Coming Q2 2027
No. 10

ISO 20000 IT Service Toolkit

SMS for IT service providers.

  • 30 documents
  • ITIL-aligned
  • SMS framework

Service Management System aligned to ISO/IEC 20000-1:2018, ITIL 4 compatible. Includes service catalogue, SLA templates, change advisory board materials, problem and incident management procedures. For managed service providers and internal IT functions.

£995 per organisation · lifetime updates
§02
Bundles

Save more. Layer toolkits.

Most regulated firms need more than one framework. Buy two or three together and save up to 30%. Bundles include lifetime updates on every component toolkit.

Most popular

The Banking Bundle

Everything a UK building society or challenger bank needs to satisfy FCA and PRA cyber expectations.

  • ISO 27001:2022 Toolkit
  • NCSC CAF 4.0 Toolkit
  • ISO 22301 Business Continuity
Was £3,785 · Now £2,495 · Save £1,290
Best value

The Fintech Bundle

For payment institutions, EMIs and fintechs scaling from sandbox into general availability.

  • ISO 27001:2022 Toolkit
  • PCI DSS v4.0.1 Toolkit
  • ISO 27701 Privacy Toolkit
Was £4,285 · Now £2,995 · Save £1,290
All-in-one

The Complete Library

Every current and future toolkit in our catalogue. Lifetime updates included on all ten — and any future additions.

  • All 10 ThePenz toolkits
  • Lifetime updates on each
  • Future toolkits included
  • Quarterly Q&A clinic with senior practitioner
Was £11,150 · Now £6,995 · Save £4,155
§03
What's inside

Every toolkit ships audit-ready.

Each ThePenz toolkit is structured around four document categories, plus a comprehensive supporting bundle. The format is consistent across every toolkit so you only learn the structure once.

i.

Foundation documents

Scope statement, top-level policy, statement of applicability, risk methodology, and the documents that establish the management system.

ii.

Operational policies & procedures

The full operating layer of the standard — typically 20–40 documents covering each control domain, written for real-world execution.

iii.

Working registers & templates

Risk register, asset register, supplier register, training records, internal audit schedule, management review minutes — pre-formatted for use.

iv.

Audit evidence pack

Evidence collection workbook, sample-set guidance, certification body Q&A briefings, and pre-Stage-1 readiness checklist.

§04
Licensing

Honest, straightforward terms.

No subscription fees. No annual renewal. No surprise additions. One purchase, perpetual licence, lifetime updates.

One organisation, perpetual

Each toolkit is licensed to one organisation for use across all its operations. Internal use, internal modification, internal distribution to staff and contractors — all included.

Lifetime updates included

When standards revise (e.g. ISO 27001 next major revision, PCI DSS v5), licensees receive the updates included. No upgrade fees, no second purchase required.

What you cannot do

You cannot resell, sub-license, or redistribute the documents externally — and you cannot use them as the basis for your own competing toolkit product.

Group licences available

For consultancies, audit firms, and groups operating multiple legal entities, group licences are available — contact us for pricing scaled to the number of in-scope organisations.

Want a free sample before you decide?

Every toolkit comes with a free 2-page document sample so you can read the writing standard and judge the quality before paying. Tell us which toolkit interests you and we'll send the sample by return.