ISO 27001 Scorecard

How Strong Is Your ISO 27001 Program?

Whether you're building your ISMS from scratch, preparing for Stage 2 certification, managing surveillance audits, or wondering why your management system still feels like a documentation project, this scorecard shows where your program actually stands.

Start the Scorecard
Under 5 minutes · 16 questions · Full report by email

Ali Aleali, CISSP, CCSP

Co-Founder & Principal Consultant

Former security architect for Bank of Canada and Payments Canada. 20+ years building information security management systems for critical infrastructure.


Scored Across 5 Domains

Each domain maps to ISO 27001:2022 clauses and Annex A controls. The scorecard measures your management system, not just your documentation.

Clauses 4-6 · SoA

ISMS Foundation

Scope definition, risk assessment, Statement of Applicability. The management system your auditor evaluates at Stage 2.

Annex A 5.15-5.18 · 8.x

Technical Controls

Access management, security monitoring, change management. The Annex A controls that protect your information assets.

Clause 7.5 · 9.2

Evidence & Audit Readiness

Documented information, evidence organization, internal audit confidence. The difference between a scramble and a review.

Clauses 5.1 · 9.3 · 10

Program Operations

ISMS ownership, management reviews, continual improvement. Whether your system runs on autopilot or heroics.

Clause 7.1 · Annex A

Efficiency & Scale

Time spent on compliance, framework extensibility. Whether adding SOC 2 means a rebuild or a mapping exercise.

How It Works

1. Answer 16 Questions

Practical questions about how your ISMS actually operates, mapped to ISO 27001:2022 clauses and Annex A controls. No trick questions.

2. Get Your Score

See your overall tier and which domains are strong and which need work, scored against what certification auditors actually evaluate.

3. Receive Your Report

A detailed report with domain breakdowns and prioritized recommendations lands in your inbox. No sales pitch, just actionable next steps.

"This scorecard is built from patterns across dozens of ISO 27001 and ISMS engagements. The questions map to real control gaps and operational maturity across all 93 Annex A controls, not textbook checklists. Whether you're pre-certification or managing surveillance audits, it measures the management system underneath the compliance."

— Ali Aleali, CISSP, CCSP

Ready? Start Your Scorecard

16 questions. Under 5 minutes. Results you can act on.

Rather talk to a human?

If you already know where you stand and want to discuss building an effective security program, we're here.

Book a Strategy Call