Interested in an ISO 27001 Checklist to see how ready you are for a certification audit?
Did you know…
Google reports people search for “ISO 27001 Checklist” almost 1,000 times per month! It’s clear people are interested in knowing how close they are to certification and think a checklist will help them determine just that.
If you are one of those people, keep reading…
The Problem with Providing a Checklist for ISO 27001
Here at Pivot Point Security, our ISO 27001 expert consultants have repeatedly told me not to hand organizations looking to become ISO 27001 certified a “to-do” checklist. Apparently, preparing for an ISO 27001 audit is a little more complicated than just checking off a few boxes.
When I asked for specifics, this is what I received…
If you were a college student, would you ask for a checklist on how to receive a college degree? Of course not! Everyone is an individual. College students place different constraints on themselves to achieve their academic goals based on their own personality, strengths & weaknesses. No one set of controls is universally successful.
Clearly there are best practices: study regularly, collaborate with other students, visit professors during office hours, etc. but these are just helpful guidelines. The fact is, partaking in all these actions or none of them will not guarantee any one individual a college degree.
This is exactly how ISO 27001 certification works. Yes, there are some standard forms and procedures to prepare for a successful ISO 27001 audit, but the presence of these standard forms & procedures does not reflect how close an organization is to certification. It’s not just the presence of controls that allow an organization to be certified, it’s the existence of an ISO 27001 conforming management system that rationalizes the right controls that fit the need of the organization that determines successful certification.
So where do we stand?
Problem: People looking to see how close they are to ISO 27001 certification want a checklist, but a checklist will ultimately give inconclusive and possibly misleading information.
Solution: An ISO 27001 Roadmap
Stay away from any ISO 27001 Checklist to determine how close you are to certification. If you can check off 80% of the boxes on a checklist that may or may not indicate, you are 80% of the way to certification.
Instead, focus on clarifying your journey to certification. This is a far more accurate way of determining how close you are to certification. To guide you on your journey, download our ISO 27001 Roadmap. The roadmap will give you context for what you need to focus on holistically rather than specific tasks to complete (which aligns with the ISO 27001 standard).
If you want to bypass the roadmap altogether and talk through your ISO 27001 certification process with an implementation expert, contact Pivot Point Security.