Disclaimer: self-assessment only; not a certification.
Readiness questions
ISMS Foundation
Defined ISMS scope (products/locations/services)? (weight 2)
Appointed ISMS owner / security lead with authority? (weight 2)
Approved Information Security Policy communicated to staff? (weight 2)
Information security objectives (measurable targets)? (weight 1)
Management review at least annually with actions recorded? (weight 2)
Document control (versions, access, updates)? (weight 1)
Risk Management
Asset register maintained (systems, data, infra, services)? (weight 3)
Information classification rules (public/internal/confidential)? (weight 2)
Risk assessment performed regularly (method + results)? (weight 3)
Risk treatment plan with owners and deadlines? (weight 3)
Statement of Applicability (SoA) maintained? (weight 3)
Legal/contractual requirements tracked (e.g., GDPR, customer clauses)? (weight 2)
Security impact assessed for changes (new systems/processes)? (weight 2)
Access Control & HR
Joiner/Mover/Leaver process to grant/remove access promptly? (weight 3)
Approvals + least privilege for access provisioning? (weight 3)
MFA enabled for key systems (email, cloud admin, production)? (weight 3)
Periodic access reviews for critical systems? (weight 2)
Secrets/passwords managed safely (no shared accounts, secure storage)? (weight 2)
Security awareness training at least annually? (weight 2)
Confidentiality/NDA obligations in contracts? (weight 1)
Operations & Technology
Logging for critical systems + review process defined? (weight 2)
Vulnerability management (scans/patching) with SLAs? (weight 3)
Backups + restore tests for important data/systems? (weight 3)
Endpoint protection / MDM for devices? (weight 2)
Encryption in transit (TLS) and at rest where appropriate? (weight 2)
Change management for production (review/approval/rollback)? (weight 2)
Incident & Supplier Management
Incident response procedure (roles, steps, comms)? (weight 3)
Incident scenarios tested (tabletop) at least annually? (weight 2)
Vendor/supplier security assessment + contract requirements? (weight 3)
Internal audit / internal checks at least annually? (weight 3)