Free interactive tool

How close are you to ISO 27001?

Answer five quick questions to get an indicative read on your ISO 27001:2022 readiness, your priority gaps, and the path to certification.

1. Do you have management commitment and a defined ISMS scope?
2. Have you completed a risk assessment and treatment plan?
3. Are your core security policies documented and actually operating?
4. Do you run access reviews, logging and incident management?
5. Have you done an internal audit and management review?

What ISO 27001 certification takes

It’s a management system

ISO 27001 certifies a working Information Security Management System (ISMS) — leadership, scope and risk-based controls, not just documents.

Risk drives everything

Your risk assessment and Statement of Applicability justify every control. Auditors scrutinise them first.

Stage 1 then Stage 2

Certification is a documentation review (Stage 1) followed by an operating-effectiveness audit (Stage 2), with annual surveillance afterwards.
