The ISO 27001 gap assessment evaluates your ISMS implementation clause by clause against ISO 27001:2022 requirements.

Running the assessment

Go to ISO 27001 → Gap Assessment and click New Assessment. The questions cover all mandatory clauses:
- Clause 4 — Context of the organisation (scope, interested parties)
- Clause 5 — Leadership (top management commitment, policy, roles)
- Clause 6 — Planning (risk assessment, risk treatment, objectives)
- Clause 7 — Support (resources, competence, awareness, communication, documented information)
- Clause 8 — Operation (risk assessment execution, risk treatment implementation)
- Clause 9 — Performance evaluation (monitoring, internal audit, management review)
- Clause 10 — Improvement (nonconformity, corrective action, continual improvement)

Score each question from 0 (not started) to 4 (optimised). Questions scoring below 3 auto-generate remediation actions.