
ISO 27001 Assessment Progress

ISO 27001 Assessment Progress Stages

The progress bar helps to ensure that all information in the Information Security 27001 module is kept up to date, and prompts you to complete the next recommended stage. This figure will degrade as proposed dates or review dates become overdue. This widget needs to be manually updated using the 'Update' button.
The stages and their percentages are listed below.

Setting up the organisation (5%)

At least one sub division from the main root division (2.5%)
Risk appetite has been set (not all red which is the default) (2.5%)

Adding resources and assessing criticality (15%)

A resource exists in each category you've created (5%)
Each resource has a value for CIA that has been assessed in the last 12 months (10%)

Assessing control maturity (30%)

All controls have an owner (5%)
Any controls that are not applicable have been justified (5%)
The maturity has been assessed for each control within the last 12 months (15%)
A recommendation has been provided for each control and the proposed date is not in the past (5%)

Risk assessment (30%)

At least one risk assessment has been created (5%)
Every resource that has been added to the system is within a risk assessment (10%)
Each risk assessment is complete (15%)

Risk treatment (15%)

Risk register contains a risk for every entity threat (5%)
All risks have a strategy (5%)
Any strategies that require an action have an action that is in date (i.e. the proposed date for the action has not passed) (5%)

Risk management (5%)

All actions and risk strategies are in date (5%)
