Just a quick note if you are looking in to ISO27001 documents, to implement IT security in a best-practices-way, bookmark these:

ISO27001 specific material

BTW: there is a very interesting GDPR-ISO27001 mapping example/exercise published on the website: GDPR-ISO27k mapping


And as a surplus, have a read of the PCI-DSS, aka the ISO27001 for finance

Check the free download section of the ISO standards organization at:

Other free standards

Online fully accessible + freely downloadable iso standards, relevant for information security, privacy & data protection