Free Download

ISO 27001:2022
Readiness Checklist

A comprehensive checklist for ISO 27001:2022 covering 118 checks across all ISMS clauses and all 93 Annex A controls. Open in any browser, mark status, add evidence notes, and print as PDF. No sign-up needed.

Built by CISM-certified consultants · Based on ISO/IEC 27001:2022 · 20+ years experience
Cyvra & ISO 27001

We take businesses from checklist to certificate

The checklist shows you where the gaps are. Cyvra builds the plan to close them and guides your team through every step of the certification process.

Gap Analysis
We map your current state against every ISO 27001 requirement and hand you a prioritised remediation plan with clear ownership and timelines.
Implementation Support
Our consultants work alongside your team to build the policies, procedures, and technical controls the standard requires, without overcomplicating things.
Certification Readiness
We run your internal audit, prepare the evidence pack, and work through any findings before your external auditor arrives. Businesses we support often pass first time.
Netherlands-based, delivery in English and Dutch
CISM-certified lead consultants with 20+ years of hands-on security experience
We implement alongside your team, not just produce advisory reports
Clients across financial services, healthcare, and hospitality
What's Inside

Full control coverage

Every clause and control from the 2022 revision. Nothing omitted or rolled up.

Clauses
4 – 10
ISMS Mandatory Requirements
Context, leadership, planning (risk assessment, risk treatment, SoA), support, operations, performance evaluation, improvement
25 checks
Annex A.5
Organisational Controls
Policies, roles, segregation of duties, supplier security, threat intelligence, asset management, information classification
37 controls
Annex A.6
People Controls
Screening, security awareness and training, disciplinary process, remote working, confidentiality agreements
8 controls
Annex A.7
Physical Controls
Physical perimeters, entry controls, secure areas, equipment security, clear desk and screen policy
14 controls
Annex A.8
Technological Controls
Identity management, malware protection, backup, logging and monitoring, encryption, vulnerability management, network security, secure coding
34 controls
How to Use

Up and running in minutes

No software to install. Works in Chrome, Edge, or Firefox.

1
Download and open
Save the HTML file to your computer and open it in any modern browser. Nothing to install or configure.
2
Mark each control
Click any status badge to cycle through YES / PARTIAL / NO / N/A. The compliance score updates live. Click in the Evidence or Notes column to type directly.
3
Save as PDF
Use Ctrl+P to print or export as PDF. The layout is optimised across six pages ready to share with your team or auditor.
Commonly Asked Questions

ISO 27001: what to expect

How long does ISO 27001 certification take?
For most SMEs, the full process from gap analysis to certification audit takes 6 to 12 months. Businesses with existing security controls in place can move faster. Cyvra's structured approach keeps things on track and avoids the common delays caused by scope creep and incomplete documentation.
Do we need an external auditor?
Yes. ISO 27001 certification requires a Stage 1 (documentation review) and Stage 2 (on-site audit) carried out by an accredited certification body such as BSI, Bureau Veritas, or LRQA. Cyvra prepares you for both stages and can recommend a suitable body based on your sector and budget.
How much does ISO 27001 certification cost?
Certification body fees for an SME typically run between €3,000 and €8,000 depending on organisation size and chosen body. Cyvra's consultancy is scoped to your situation. Contact us for a fixed-fee proposal with no hidden costs.
Is ISO 27001 mandatory for our business?
Not universally, but it is increasingly required by enterprise procurement, public sector contracts, and regulated industries such as financial services and healthcare. NIS2 also makes strong information security management a legal obligation for many organisations operating in the EU. Getting certified now puts you ahead of the curve.

Download the checklist

No email, no sign-up. Download it, use it as many times as you need, and share it with your team. When the results show gaps you need to close, that is where Cyvra comes in.

Download Free Checklist Read our ISO 27001 guide

ISO/IEC 27001:2022 • 118 check items • 6 pages • Interactive HTML

This checklist consists of

118
Check Items
93
Annex A Controls
6
Print Pages

Let's get you certified.

We handle the gap analysis, documentation, internal audit, and certification prep. You focus on your business.

Get in touch