How close is your ISMS to ISO/IEC 27001 certification?
ISO/IEC 27001:2022 certifies that you run a working information security management system, not just a list of controls. This six-question check gives you an honest readiness tier and shows where the gap sits before a certification body's auditor finds it for you.
ISO 27001 readiness assessment
What is ISO/IEC 27001?
ISO/IEC 27001:2022 is the international standard for an information security management system (ISMS). It sets out how an organisation plans, runs, reviews, and improves its security, covering clauses 4 to 10 plus reference controls in Annex A. Certification proves an independent auditor checked the system works.
What changed in the 2022 version?
The 2022 update reorganised Annex A from 114 controls into 93, grouped under four themes: Organisational, People, Physical, and Technological. It added 11 new controls, including threat intelligence, information security for cloud services, and secure coding. The transition grace period for 2013 certificates ended on 2025-10-31.
How long does ISO 27001 certification take?
For most organisations, 6 to 9 months is realistic. Small teams with a narrow scope and an existing baseline can reach certification in about 3 months; large businesses can take a year. Control work and documentation are usually the longest phase, with the two-stage audit running 2 to 3 months.