All Tools

ISO 27001 Gap Assessment

Rate your organization against representative ISO/IEC 27001:2022 Annex A controls across all four themes. Get an ISMS maturity score, a per-theme breakdown, and the gaps to close before a certification audit.

0%
Your biggest gaps
    This is a directional maturity read, not a certification. The controls below are a representative sample drawn from the four ISO/IEC 27001:2022 Annex A themes (Organizational, People, Physical, Technological), which contain 93 controls in total. A full gap assessment reviews every applicable control against your Statement of Applicability, plus the ISMS management clauses (4 to 10). Certification itself is granted by an accredited certification body after a Stage 1 and Stage 2 audit. Use this to prioritize, then validate with a formal assessment.

    Questions

    How many controls does ISO 27001:2022 Annex A have?

    ISO/IEC 27001:2022 Annex A lists 93 controls grouped into four themes: Organizational, People, Physical, and Technological. This tool samples a representative set from each theme so you can gauge maturity quickly; a full gap assessment reviews all 93.

    Does a high score mean I am certified?

    No. Certification is granted by an accredited certification body after a Stage 1 and Stage 2 audit of your Information Security Management System. This tool gives a directional read on maturity so you can prioritize before that audit.

    What is the difference between the clauses and Annex A?

    Clauses 4 to 10 define the ISMS management system requirements, such as scope, leadership, risk assessment, and continual improvement. Annex A is the reference set of 93 controls you select from via a Statement of Applicability. Both are needed for certification.

    Is this tool free?

    Yes, it is free with no signup and nothing you rate is sent anywhere. If you want help building the ISMS and getting audit-ready, our team runs the process end to end.

    Not ready for a call yet?

    Get the compliance playbook

    A few short notes from Jacob on standing up an ISO 27001 ISMS without months of pain. No fluff, unsubscribe in one click. Reply anytime; it reaches him directly.

    From Jacob Masse, founder of traztech. No spam, unsubscribe in one click.

    Want it done for you?

    ISO 27001 Readiness

    We run the ISMS build and readiness end to end.

    Explore ISO 27001 Readiness →

    Want ISO 27001 done right?

    We build the ISMS, run the risk assessment, write the Statement of Applicability, and get you audit-ready, then coordinate with your certification body. Turn this score into a plan.

    See ISO 27001 Readiness Book a call