Books — the smart way to learn about management system standards

Already have an ISMS? Perhaps we can help you create a better one!

Books by Dr David Brewer

Book cover for An introduction to ISO/IEC 27001:2013 by David Brewer

An introduction to ISO/IEC 27001:2013

  • Is for people who are looking for a straightforward overview of ISO/IEC 27001:2013 and how to implement it
  • Serves as a basic introduction to the standard and a straightforward guide to implementation
  • Is an easy-to-follow pocket guide packed with useful ‘how to’ information
  • Contains guidance that is applicable to a wide range of differing ISMS implementations and is appropriate to SMEs as well as much larger organizations
  • Includes a practical and easy-to-use risk assessment and risk treatment method that delivers results directly expressed in business-meaningful terms
  • Does not assume any prior knowledge of ISO/IEC 27001 or management systems
What the experts say

‘An excellent book – the ultimate guide to ISO/IEC 27001:2013 – a must have book whether you are an existing registration or considering it. Offers practical and pragmatic guidance to practitioners.’

Sabrina Feng, Chief Technology Risk Officer, London Stock Exchange Group

Edition 3 (published 2 November 2019). First published 2014.

165 pages. Available on Amazon as a paperback, ISBN-10 1704570824, ISBN-13 978-1704570822, price £41.73, or Kindle, price £32.64.


Understanding the new ISO management system requirements

Book cover for Understanding the new ISO management system requirements by David Brewer

This book is for:

  • Organisations that have a management system that conforms to ISO 9001, ISO 14001, ISO/IEC 27001, or another management system standard
  • Organisations that have, or are considering having, an integrated management system
  • Consultants, trainers and auditors who are dealing with management system standards

This book is a “must-have” for organizations and individuals keen on ensuring a smooth transition and obtaining maximum benefit from their investment in having a management system.

No prior knowledge of management systems is assumed.


In April 2012, ISO updated its directives. They gained a new annex, Annex SL (renamed Annex L in 2019), which defines the High Level Structure and Identical Core Text for all new and revised management system standards. The concept is that some requirements, e.g. management review, are common to all management system standards and therefore ought to be identically worded, so that a single integrated management system can satisfy several standards at once.

The book explains the new requirements and how they relate to those in management system standards published before the new ISO directives took effect. It shows how familiar concepts have metamorphosed into new ones. It provides fresh insights into understanding management system standards and thereby gives guidance on how to develop a management system for the first time.

Edition 2 (published 6 November 2019). First published in 2014.

102 pages. Available on Amazon as a paperback, ISBN-10 1706087543, ISBN-13 978-1706087540, price £27.16, or Kindle, price £23.38.


Book cover for ISO/IEC 27001 — Mastering Risk Assessment and the Statement of Applicability by David Brewer

ISO/IEC 27001 — Mastering Risk Assessment and the Statement of Applicability

  • Is for people who are looking for a straightforward approach to information security risk assessment, risk treatment, and the Statement of Applicability
  • Provides clear and easy-to-follow instructions on what to do
  • Uses events and consequences as advocated in ISO 31000:2018 (Risk management – Guidelines) and BS 7799-3:2017 (Guidelines for information security risk management)
  • Derives the questions about information security measures from a reference set of controls that is a superset of the controls in ISO/IEC 27001 Annex A and of those expected in the new edition of ISO/IEC 27002
  • Offers two layouts for the Statement of Applicability
  • Optional software support is available from IMS-Smart Limited at additional cost

Edition 1 (published 2 January 2021).

130 pages. Available on Amazon as a paperback, ISBN-13 979-8597894768, price £46.59, or Kindle, price £35.99 (also available with Kindle Unlimited).

About the author

Dr David Brewer has over thirty-five years’ worldwide experience working with management systems as a standards maker, consultant, auditor, tutor, and integrated management system administrator. He was one of the first consultants to advise the British Government on information security matters, helping to establish the first computer security evaluation facilities and evaluation criteria. He was a founder member of the Department of Trade and Industry’s Commercial Computer Security Centre (1987–1992) and became co-author of the European IT Security Evaluation Criteria (ITSEC, the forerunner of ISO/IEC 15408) and its associated evaluation manual. He was co-author of the original ISMS standard, BS 7799 Part 2, and Head of the UK delegation to ISO/IEC JTC 1/SC 27/WG 1, the working group responsible for the ISO/IEC 27000 family of standards. More recently he was the editor for the revision of ISO/IEC 27004 (Monitoring, measurement, analysis and evaluation) and a co-author of BS 7799-3:2017 (Guidelines for information security risk management, a revision of BS ISO/IEC 27005:2011).

David has conducted a wide variety of consultancy assignments in information security spanning 39 years in over 23 countries. He is well known for his work in rolling out ISO/IEC 27001 across the whole of the Civil Service in Mauritius (an exemplar of his ISMS implementation methodology), and for his ability to train people to train others. His seminal research papers include The Chinese Wall Security Policy (1989) and Measuring the Effectiveness of an Internal Control System (2003).