ISMS Journey
All data is fictional
Your guided path to ISO 27001:2022 certification
73%
Overall completion
Phase 1
Complete
Phase 2
85% done
Phase 3
60% done
Phase 4
30% done
Phase 1
Establish Your ISMS
Scoping, context, policy framework
100% Complete
Define organisational context
Internal/external factors, strategic direction
Done
Identify interested parties
Stakeholder register with needs & expectations
Done
Define ISMS scope
Documented scope covering people, systems, locations
Done
Establish information security policy
Top-level policy approved by leadership
Done
Assign roles and responsibilities
RACI matrix and job descriptions updated
Done
Complete legal register
All applicable laws and regulations documented
Done
Phase 2
Implement Controls
Risk assessment, control selection, SOA
85%
Complete asset inventory
All information assets classified and registered
Done
Conduct risk assessment
All risks identified, assessed, and assigned
Done
Produce Statement of Applicability
All 93 Annex A controls reviewed and justified
Done
Implement priority controls
High-priority controls from SOA in place
Done
Collect & link evidence for all controls
Evidence gathered for 68 of 86 in-scope controls
In Progress
Complete physical security controls
A.7.4 monitoring still in planning stage
In Progress
Finalise supplier security programme
Remaining 6 vendors to be assessed
Pending
Phase 3
Monitor & Improve
Internal audit, measurement, management review
60%
Define security objectives for 2026
10 measurable objectives with owners & target dates
Done
Conduct penetration test
External pentest completed Aug 2025, findings tracked
Done
Internal audit programme
3 of 5 audit areas completed
In Progress
Management review meeting
Scheduled Q1 2026 — agenda being prepared
Pending
Corrective actions for all non-conformities
4 open items from internal audit
Pending
Phase 4
Certify & Maintain
External audit, certification, surveillance
30%
Select certification body
UKAS-accredited CB engaged — BSI Group
Done
Stage 1 Audit — Documentation Review
Booked for March 2026; pre-submission underway
Scheduled
Stage 2 Audit — On-site Audit
Target May 2026
Pending
Resolve audit non-conformities
Response within 90 days of Stage 2
Pending
Receive ISO 27001:2022 Certificate
Target: 30 June 2026
Pending
Annual surveillance audits
Years 1 & 2 post-certification
Future