The ISO 27001 module in Venvera provides comprehensive management of your ISO/IEC 27001:2022 Information Security Management System (ISMS). Whether you are preparing for initial certification, maintaining an existing certificate, or using ISO 27001 as a framework for information security governance, this module covers every aspect of the standard's requirements.
Dashboard
The ISO 27001 dashboard presents a consolidated view of your ISMS health and certification readiness:
Compliance Score
A prominent ring chart displays your overall ISO 27001 compliance score, calculated from your gap assessment results, SoA implementation progress, and nonconformity closure rates. The score provides a quick indicator of certification readiness.
SoA Progress
A progress bar and statistics panel show your Statement of Applicability completion status:
- Total Annex A controls: 93
- Controls assessed as Applicable vs Not Applicable
- Implementation status breakdown: Not Started / Partial / Full
- Percentage of applicable controls fully implemented
Audit Schedule
An upcoming audits panel shows scheduled internal and external audits with dates, types, and status. Overdue audits are highlighted in red.
Nonconformity Tracker
A summary panel displays:
- Total open nonconformities (Major and Minor)
- Nonconformities by status (Open, Under Investigation, CA Planned, CA Implemented, Verified, Closed)
- Aging analysis — nonconformities approaching or exceeding their target closure dates
- Trend chart showing NC open/close rates over time
Module Sections
The ISO 27001 module is organised into the following sections, each accessible from the module navigation:
| Section | Purpose | ISO 27001 Reference |
|---|---|---|
| Statement of Applicability | Assess and document the applicability and implementation status of all 93 Annex A controls | Clause 6.1.3(d) |
| Gap Assessment | Evaluate your ISMS against ISO 27001 clauses (4–10) and Annex A controls using maturity scoring | Clauses 4–10 + Annex A |
| Internal Audits | Plan, conduct, and document internal audits of the ISMS | Clause 9.2 |
| Nonconformities | Register and manage nonconformities with root cause analysis and corrective actions | Clause 10.1, 10.2 |
| Management Reviews | Record management review meetings with required inputs and outputs | Clause 9.3 |
| Training and Awareness | Manage security training programmes and awareness activities | Clause 7.2, 7.3 |
| Document Register | Track mandatory documents and records required by the standard | Clause 7.5 |
| Certification Tracker | Track Stage 1, Stage 2, surveillance, and recertification audits | Certification lifecycle |
Getting Started
1. Work through all 93 Annex A controls, marking each as Applicable or Not Applicable with justification. For applicable controls, set the implementation status. The resulting Statement of Applicability is a foundational document for ISO 27001 certification.
2. Assess your ISMS against the requirements in Clauses 4 through 10 and your applicable Annex A controls. This identifies areas needing improvement before certification.
3. Use the gap assessment results to create remediation actions. Log any identified nonconformities in the NC register and plan corrective actions.
4. Plan and execute internal audits covering all ISMS processes and applicable Annex A controls. Record findings and track corrective actions.
5. Schedule and conduct management review meetings with all required inputs per Clause 9.3. Document decisions and action items.
6. Ensure all personnel with ISMS responsibilities have appropriate competence. Record training activities and awareness campaigns.
7. Ensure all mandatory documented information is current, approved, and accessible. Use the document register to track versions and review dates.
8. If pursuing formal certification, use the Certification Tracker to manage Stage 1 and Stage 2 audits, surveillance audits, and recertification.