£25.00
This checklist is your comprehensive guide to achieving and maintaining ISO 27001 certification with confidence. The checklist covers all the critical requirements outlined in the ISO 27001 standard, ensuring that every aspect of your information security management system is thoroughly addressed.
The checklist is an Excel spreadsheet listing every single requirement in the standard, including those in the Annex A controls. You’ll find requirements covered for:
We have extracted every single instance of the word “shall” used across ISO/IEC 27001:2022 and entered each one as a row in the checklist, including those in Annex A, which lists the 93 potential controls.
That means this requirements checklist covers 100% of the requirements in ISO 27001. We have also added some information from ISO 27002 to guide our consultants when assessing if the requirements are met. You’ll find that information invaluable.
You can use it at the beginning of your implementation to perform a gap analysis and assess how much work you have to do. A gap analysis is useful if you already have a number of policies and procedures in place. For example, you might already have some of the core information security policies and procedures such as:
Information security policy
Acceptable use policy
Access control policy
Asset management policy
Change management procedure
Disaster recovery and business continuity plan
Incident management procedure
Network security policy
Supplier management policy
Teleworking policy
You can also use the checklist to manage your ISO 27001 implementation project: because it is a complete list of every requirement you need to meet, it is a good starting point as a project management tool.
Finally, it’s a good tool to do a final review just before your Stage 1 audit to make sure you have everything in place.
We use this requirements checklist at the very beginning of a consultancy engagement to find out what documentation and controls are already in place and determine how much work there is to do.
We use it during the implementation as a project plan, to keep track of progress, determine who’s responsible for doing what, determine where each requirement is documented or what evidence there is that it’s met.
Finally, we also use it just before an audit to list where everything is and verify that we’re ready. This spreadsheet is our core consultancy tool!
An ISO 27001 requirement is anywhere the word “shall” is used in the text of the standard. For example, clause 6.1.2 Information security risk assessment states “The organization shall define and apply an information security risk assessment process”. This sentence contains two requirements: 1) do you have a risk assessment process that is defined (read: documented), and 2) is this process applied (read: do you have a risk register that has been updated recently)?
Over the years our ISO consultants have developed a set of tools, templates and techniques to help our clients achieve ISO 27001 as quickly, hassle-free and economically as possible.
We’ve developed a process, containing all the steps to achieving certification. The compliance checklist is one of those tools.
The certification process for ISO 27001 requires two audits, Stage 1 and Stage 2, typically held 2-3 months apart.
Features (Free and £25 versions)
Detailed guidance page which explains how to use the checklist.
Coloured fields which indicate whether a requirement is met, partly met, or not met
Full list of the mandatory clauses (4-10) in the ISO 27001 standard
Full list of standard requirements
Full list of requirements in Annex A
Additional fields which help to manage implementation
Summary scores for each control