NIST CSF v2.0 Assessment
Complement ISO 27001's management system focus with NIST CSF's outcome-based cybersecurity framework.
Learn moreOverview
The ISO 27001 Maturity Assessment provides a comprehensive framework for evaluating your organisation's Information Security Management System (ISMS) against the ISO/IEC 27001:2022 standard. With 130 questions across 16 domains, this assessment covers both the management system requirements (Clauses 4–10) and the full set of Annex A controls.
Through structured evaluation criteria, you will assess your organisation's security governance, risk management processes, operational controls, and continuous improvement practices against internationally recognised best practice.
The assessment employs a maturity-based scoring model to help you understand your current ISMS posture, identify control gaps, and develop a prioritised remediation roadmap for certification readiness or ongoing compliance.
Who It's For
This assessment is designed for:
- Organisations preparing for ISO 27001 certification
- Certified organisations maintaining or improving their ISMS
- Information Security Managers and ISMS owners
- CISOs overseeing information security programmes
- Internal audit teams conducting ISMS readiness reviews
- GRC professionals managing ISO 27001 compliance
Typical Outcomes
Organisations using this assessment typically gain:
- Clear understanding of current ISMS maturity against ISO 27001:2022
- Identification of gaps in management system clauses and Annex A controls
- Prioritised remediation plan for certification readiness
- Documentation to support internal compliance reporting
- Baseline for tracking ISMS improvements over time
- Structured preparation for certification or surveillance audits
Assessment Coverage
The assessment comprehensively evaluates ISO 27001:2022 across 16 domains:
Management System Clauses:
- Clause 4: Context of the Organisation — understanding internal/external issues, interested parties, and ISMS scope
- Clause 5: Leadership — top management commitment, policy, and organisational roles
- Clause 6: Planning — risk assessment, risk treatment, and information security objectives
- Clause 7: Support — resources, competence, awareness, communication, and documented information
- Clause 8: Operation — operational planning, risk assessment execution, and risk treatment implementation
- Clause 9: Performance Evaluation — monitoring, measurement, internal audit, and management review
- Clause 10: Improvement — nonconformity, corrective action, and continual improvement
Annex A Control Domains:
- A.5: Organisational Controls — policies, asset management, access control, supplier relationships
- A.6: People Controls — screening, employment terms, awareness, remote working
- A.7: Physical Controls — security perimeters, equipment, clear desk, secure disposal
- A.8: Technological Controls — endpoints, privileged access, malware, backup, logging, network security, cryptography, secure development
Important Disclaimer
This assessment is a self-assessment tool designed to help organisations evaluate their current ISMS posture. It does not constitute a formal ISO 27001 audit, certification assessment, or attestation of compliance. Formal ISO 27001 certification requires assessment by an accredited certification body.