Free Resource

ISO 27001 Readiness Checklist

Score your organisation across 8 key areas (35 checklist items, one point each) and understand where you stand before pursuing ISO 27001 certification.

1. Leadership & Governance

  • Executive sponsor identified for information security
  • Information security policy documented and approved by management
  • Roles and responsibilities for security defined (CISO or equivalent)
  • Budget allocated for ISMS implementation

2. Scope & Context

  • ISMS scope defined (which business units, locations, systems)
  • Interested parties and their requirements identified
  • Internal and external context documented (regulatory, contractual, threat landscape)

3. Risk Assessment

  • Risk assessment methodology chosen and documented
  • Asset inventory created (information assets, systems, people, facilities) with a named owner for each asset
  • Risk register established with identified threats and vulnerabilities, each rated for likelihood and impact
  • Risk treatment plan with owners, timelines and the selected controls recorded (Statement of Applicability)

4. Policies & Procedures

  • Access control policy
  • Acceptable use policy
  • Incident response procedure
  • Business continuity / disaster recovery plan
  • Change management process
  • Supplier/vendor security assessment process

5. People & Awareness

  • Security awareness training program in place
  • Background checks for roles handling sensitive data
  • Confidentiality/NDA agreements signed by staff and contractors
  • Competence requirements defined for security-critical roles

6. Technical Controls

  • Multi-factor authentication (MFA) on critical systems, all remote access and all privileged/administrative accounts
  • Endpoint protection / EDR deployed across servers and workstations
  • Network segmentation and firewall rules documented and reviewed on a schedule
  • Encryption at rest and in transit for sensitive data, with key management documented
  • Vulnerability scanning on a regular schedule, with findings tracked through to remediation
  • Logging and monitoring with alerting and defined retention periods

7. Operational Security

  • Incident response tested (tabletop or simulation) in the last 12 months
  • Backup and recovery tested and verified by performing an actual restore, not just by confirming backup jobs succeed
  • Patch management process with remediation SLAs defined by severity
  • Physical security controls for offices and data centres

8. Compliance & Audit Readiness

  • Internal audit schedule planned
  • Management review process defined
  • Corrective action tracking in place
  • Evidence collection process for auditor requests

Scoring Guide

Award one point for each checklist item you can evidence today, then compare your total (out of 35) against the bands below.

25+

Strong position: you are in good shape. Consider scheduling your Stage 1 (documentation review) audit.

15 – 24

Good foundation: address the gaps with a focused 3–6 month roadmap.

Under 15

Early stage: a Fractional CISO engagement can fast-track your readiness.

Need help closing the gaps?

Logic Weave provides Fractional CISO services and ISO 27001 implementation support for Australian SMBs.
