Self-assessment
Would your ISMS survive an audit?
Twelve honest questions across the areas auditors and enterprise buyers probe hardest. You will get an indicative readiness score and a recommended next step. Takes about two minutes.
- 01 Scope: Is your ISMS scope written down and does it match the systems, data and teams you actually operate?
- 02 Risk: Is your risk register current, with named owners and treatment decisions - not a static template?
- 03 Statement of Applicability: Does your Statement of Applicability match your risks and your real controls, with justified inclusions and exclusions?
- 04 Evidence: Could you produce dated evidence for your key controls across the last several months, without a scramble?
- 05 Access reviews: Do access reviews happen on a stated cadence, with recorded decisions and proof that access was actually removed?
- 06 Supplier risk: Do you have a current list of suppliers and subprocessors, with proportionate, repeated reviews of the important ones?
- 07 Incidents: Are incidents - including small ones - logged, triaged and closed with corrective actions and evidence?
- 08 Change & release: Do your changes and releases leave a durable record (ticket, review, test, deployment) you could show an auditor?
- 09 Management review: Does management review happen on a schedule and produce real decisions and tracked follow-ups, not just minutes?
- 10 Internal audit: Is your internal audit independent, planned and evidenced, with findings that feed corrective actions?
- 11 Control ownership: Does every control have a named owner who runs it and produces evidence as part of their normal work?
- 12 Enterprise trust: Can you answer enterprise security questionnaires quickly, with evidence, without stalling the deal?