Free Readiness Check

    Find your ISO 27001 audit gaps before the auditor does.

    Answer practical questions and get a readiness score across scope, risk, policies, evidence, internal audit, management review, and corrective actions.

    10 areas covered

    The same areas a Stage 1 and Stage 2 auditor will look at, in plain English.

    Scope and context
    Leadership and responsibilities
    Risk assessment
    Risk treatment
    Statement of Applicability
    Annex A controls
    Evidence
    Internal audit
    Management review
    Corrective actions

    Sample readiness output

    This is the kind of practical, area-by-area output you get after running the check.

    AreaStatusExample gapSuggested next action
    Scope and context ReadyScope documented and approvedRe-confirm at next management review
    Risk assessment Needs workNo approved risk methodologyDefine and approve risk criteria
    Statement of Applicability Needs workWeak control justificationsAdd applicability reasoning for each Annex A control
    Evidence Needs workNo access review evidence in last 12 monthsRun a quarterly access review and store the signed report
    Internal audit MissingNo internal audit completedSchedule and record an internal audit before Stage 2
    Management review MissingNo documented management reviewHold a Clause 9.3 review and capture signed minutes
    Corrective actions Needs workOpen findings without owners or due datesAssign owner, due date, and verify closure

    Sample shown for illustration. Your actual output reflects your answers.

    What you get after the check

    An overall readiness score

    A clear percentage across all 10 areas so you know how close you are to Stage 1 and Stage 2.

    Your top gaps

    The specific items that will block certification, ranked so you know what to fix first.

    Next actions

    A practical to-do list per area: what to write, approve, run, or evidence next.

    Close your gaps

    Once you know your gaps, here is how to actually close them.

    Documentation gaps

    Missing scope, policies, risk methodology, SoA, or registers? Start from editable Word and Excel templates instead of a blank page.

    See the Document Pack

    Implementation and evidence gaps

    Need to track risks, owners, due dates, internal audit, management review, and corrective actions over time? Use Audit Room.

    See Audit Room

    What this check does not do

    The readiness check is an indicator, not a guarantee. A high score does not mean you will pass certification. Certification depends on your full implementation, your evidence, and the judgement of your certification body during Stage 1 and Stage 2 audits.

    Frequently asked questions

    What ISO 27001 and GRC practitioners are saying

    "Most gaps only surface during audits. A quick readiness check like this helps shift teams from reactive fixes to proactive ISMS maturity."
    Nikhil
    Cybersecurity & Privacy Leader

    Comments have been lightly edited for clarity and attributed using first name and broad professional role. They are practitioner feedback, not formal customer testimonials.

    See your ISO 27001 readiness in under 10 minutes.

    Free, no signup. Run the check and get your top gaps with suggested next actions.

    Run the readiness check