ISO 27001 Readiness Checklist

This quick-scan checklist helps assess your organisation’s readiness for ISO 27001 certification. Each question aligns to key implementation steps — from defining scope and risk methodology through to evidence management and continual improvement.

Objective

Evaluate how mature your ISMS is across governance, risk, controls and improvement.

Scoring

Select Yes / Partial / No. Progress and readiness update automatically.

Output

Download a branded PDF with domain breakdown and next-step guidance.

Governance & Planning

Scope, stakeholders, roles and objectives.

0/0 answered

Clear ISMS scope defined (org units, locations, products/services, interfaces)?

Interested parties & their requirements identified and documented?

Security roles, responsibilities and decision forums defined and communicated?

ISMS objectives/KPIs set and reviewed on a cadence?

Risk Management

Method, register, owners and treatment cadence.

0/0 answered

Risk methodology documented and approved (criteria, scoring, acceptance)?

Current risk register with owners, treatments and due dates is maintained?

Controls Implementation

Annex A selection, SoA, suppliers and change.

0/0 answered

Annex A control selection completed with rationale linked to risks?

Key technical controls (MFA, logging, backups, hardening) implemented and verified?

Statement of Applicability (SoA) current, approved and referenced by audits/evidence?

Supplier due diligence completed; contracts include security clauses & monitoring?

Change management includes approvals, testing and rollback plans?

Evidence & Improvement

Evidence packs, awareness, internal audit and review.

0/0 answered

Evidence captured in Microsoft 365 (SharePoint/Entra/Defender/Purview/Intune) with retention?

Security awareness & role-based training tracked with completion records?

Internal audit program executed; findings tracked to closure?

Management review completed covering status, KPIs, risks and improvements?

Corrective actions logged with owners/dates and reviewed monthly?

ISO 27001 Readiness Checklist

Objective

Scoring

Output

Governance & Planning

Risk Management

Controls Implementation

Evidence & Improvement

Before you download

Welcome to Country