Know exactly where you stand on the path to ISO 27001.
Gap analysis, ISMS assessment and a clear roadmap to certification. ISO 27001:2022.
What is an ISO 27001 Readiness Assessment?
An ISO 27001 Readiness Assessment shows how far you are on the path to certification and what you still need. The team assesses both the management system (ISMS) and the Annex A controls. The output is a gap analysis with a concrete implementation plan, maturity scores per control domain and a roadmap to certification.
ISO 27001 is increasingly required by customers and partners
ISO 27001 is the international standard for information security. An increasing number of customers, partners and insurers require ISO 27001 certification. An ISO 27001 Readiness Assessment maps how far you are and what you still need for certification.
ISO 27001 goes beyond technology. It requires a complete Information Security Management System: policy, risk management, roles and responsibilities, documentation, internal audits and management review. The assessment evaluates all these components against ISO 27001:2022.
The team assesses your current information security practices against the requirements of ISO 27001:2022. The assessment covers both the management system and all 93 Annex A controls, delivering a prioritised roadmap to certification.
You have the requirement for ISO 27001 but no clear path forward
Customers, partners and regulators increasingly require ISO 27001 certification. Without a structured approach, the path to certification becomes a long and expensive process.
- You do not know how much work is left: without a gap analysis you cannot estimate effort, cost or timeline to certification.
- ISO 27001 requires a management system beyond technology: policy, risk management and internal audits are equally important and often underestimated.
- Organisations transitioning from ISO 27001:2013 to :2022 face a revised Annex A with new controls and a deadline of October 2025 for existing certificates.
What the assessment covers
- ISMS structure and documentation
- Risk assessment and risk treatment
- All 93 Annex A controls (ISO 27001:2022)
- Security policy and documentation
- Roles and responsibilities
- Internal audit and management review processes
- Awareness and training
- Supplier management
- Incident management
How DEFION conducts an ISO 27001 assessment
Intake and inventory
Inventory of existing measures, documentation and previous audit findings.
ISMS assessment
Review of management system components: scope, policy, risk management, internal audits and management review.
Controls assessment
Assessment of all 93 Annex A controls against current practices with maturity scoring.
Gap analysis
Identification of missing or insufficient measures per control domain with risk classification.
Roadmap to certification
Prioritised implementation plan with timeline, effort estimate and resource requirements.
Management presentation
Presentation of results and roadmap to management with Statement of Applicability advice.
Deliverables
- ISO 27001 gap analysis report
- Maturity score per control domain
- Implementation roadmap to certification
- Documentation overview (present vs. required)
- Statement of Applicability advice
- Management summary
- Optional: implementation support
Suitable for
- Organisations pursuing ISO 27001 certification
- Companies asked for ISO 27001 by customers or partners
- Organisations wanting their existing ISMS assessed
- Companies making the transition from ISO 27001:2013 to :2022
FAQ
How long does it take to achieve ISO 27001 certification?
Is ISO 27001 mandatory?
What is the difference between ISO 27001:2013 and :2022?
Do all Annex A controls need to be implemented?
Can you support with implementation?
Ready to start your ISO 27001 journey?
Tell us what you need. We scope the right approach and start within days.