
A Study of Designing Technical Testing Tool for Information Security Management Systems

Advisor: 蕭瑞祥

Abstract


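Because of budget, staffing, or technical constraints, many small and medium-sized enterprises (SMEs) lack an effective way to collect and consolidate the information that shows how information security management system (ISMS) controls are being implemented. To support their internal management, this research integrates the relevant information held in information systems and works toward a testing tool suited to SMEs that assists their internal management and auditing of ISMS controls. The research adopts the system development research methodology: it develops a prototype of an ISMS technical testing tool and, together with in-depth expert interviews, examines which characteristics an ISO 27001 control must have for a tool to check it by gathering relevant information from information systems, and what architecture and requirements an ISMS technical testing tool should have. The results show that an ISO 27001 control can be checked by a tool gathering information from information systems only if the system automatically generates relevant records when the control is carried out. The functional architecture of the testing tool should be divided into four parts: policy management, test data collection, test data analysis, and test data presentation. Its requirements include the ability to display and configure the organization's security policies, the ability to automatically collect and consolidate relevant supporting evidence, flexible data analysis functions with chart-based data presentation, and an operating design that is not overly complicated.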

Parallel Abstract


Many SMEs (small and medium-sized enterprises) have difficulty collecting and integrating information about the implementation of ISMS controls because of insufficient budget, human resources, or technology. With a view to assisting SMEs, this research aims to develop a testing tool suitable for SMEs that integrates the related information in information systems to support the management of ISMS controls and internal auditing. The research applies the “system development research methodology”: it develops a prototype of a technical testing tool for ISMS and refines it through in-depth personal interviews, in order to explore which controls within ISO 27001 can be checked by using a tool to gather related information from information systems, as well as the needs and architecture of a technical testing tool for ISMS. The outcome of the in-depth personal interviews indicated that the controls within ISO 27001 that can be checked by using a tool to gather related information from information systems must have the feature that the systems automatically generate records during the implementation of the controls. The architecture of a technical testing tool for ISMS can be divided into four sections: organization’s security policies, collection of testing data, analysis of testing data, and display of testing data. The needs of such a tool comprise the capability of displaying and adjusting the organization’s security policies and the capability of automatically collecting and integrating related information. The basic requirements of the testing tool are flexibility in data analysis, graphical presentation of data, and the greatest possible simplicity.

Parallel Keywords

ISMS Testing Tool

Cited By


涂國慶 (2011). A Study on Applying Business Intelligence to Network Security [Master's thesis, Tatung University]. Airiti Library. https://www.airitilibrary.com/Article/Detail?DocID=U0081-3001201315111712
