Company context
Disclaimer: self-assessment only; not a certification.
Readiness questions
Defined ISMS scope (products/locations/services)? (weight 2)
Appointed ISMS owner / security lead with authority? (weight 2)
Approved Information Security Policy communicated to staff? (weight 2)
Information security objectives (measurable targets)? (weight 1)
Management review at least annually with actions recorded? (weight 2)
Document control (versions, access, updates)? (weight 1)
Asset register maintained (systems, data, infra, services)? (weight 3)
Information classification rules (public/internal/confidential)? (weight 2)
Risk assessment performed regularly (method + results)? (weight 3)
Risk treatment plan with owners and deadlines? (weight 3)
Statement of Applicability (SoA) maintained? (weight 3)
Legal/contractual requirements tracked (e.g., GDPR, customer clauses)? (weight 2)
Security impact assessed for changes (new systems/processes)? (weight 2)
Joiner/Mover/Leaver process to grant/remove access promptly? (weight 3)
Approvals + least privilege for access provisioning? (weight 3)
MFA enabled for key systems (email, cloud admin, production)? (weight 3)
Periodic access reviews for critical systems? (weight 2)
Secrets/passwords managed safely (no shared accounts, secure storage)? (weight 2)
Security awareness training at least annually? (weight 2)
Confidentiality/NDA obligations in contracts? (weight 1)
Logging for critical systems + review process defined? (weight 2)
Vulnerability management (scans/patching) with SLAs? (weight 3)
Backups + restore tests for important data/systems? (weight 3)
Endpoint protection / MDM for devices? (weight 2)
Encryption in transit (TLS) and at rest where appropriate? (weight 2)
Change management for production (review/approval/rollback)? (weight 2)
Incident response procedure (roles, steps, comms)? (weight 3)
Incident scenarios tested (tabletop) at least annually? (weight 2)
Vendor/supplier security assessment + contract requirements? (weight 3)
Internal audit / internal checks at least annually? (weight 3)