Skip to content
360 Cyber Compliance

ISO 27001 gap self-assessment

Six questions to gauge how far your ISMS is from ISO 27001 certification. A rough guide, not a formal gap analysis — answers stay in your browser.

1. Have you defined the scope of your information security management system (ISMS)?

The scope sets which parts of the business, systems and locations ISO 27001 covers.

2. Do you maintain an information security risk assessment?
3. Do you have the core ISO 27001 policies and procedures in place?
4. Have you produced a Statement of Applicability (SoA)?
5. Do you run internal audits and management reviews of the ISMS?
6. How are your Annex A controls (access, backups, supplier security, etc.) implemented?

New to the standard? Start with what an ISMS is or the ISO 27001 documentation checklist.