Professional Documents
Culture Documents
Status
100%
Status
90% 100%
80% 90%
70% 80%
60% 70%
50% 60%
40% 50%
10% 20%
Human resources security
Communications security
Supplier relationships
Operations security
Asset management
Access control
10%
Cryptography
0%
Compliance
0%
Ma In Mo Pr Du Te Re In Me Bu Us Us Sy Cr Se Eq Op Pr Ba Lo Co Te In Ne In Se Se Te In Su Ma In Re Co In
na te bi io ri rm sp fo di si er er st yp cu ui er ot ck gg nt ch fo tw fo cu cu st fo pp na fo du mp fo
ge rn le r ng in on rm a ne ac re em og re pm at ec up in ro ni rm or rm ri ri da rm li ge rm nd li rm
me al de to em at ib at ha ss ce sp an ra ar en io ti g l ca at k at ty ty ta at er me at an an at
nt Or vi em pl io il io nd re ss on d ph ea t na on an of l io se io re in io se nt io ci ce io
di ga ce pl oy n it n li qu ma si ap ic s l fr d op vu n cu n qu de n rv of n es wi n
re ni s oy me an y cl ng ir na bi pl co pr om mo er ln sy ri tr ir ve se ic in se th se
ct sa an me nt d fo as em ge li ic nt oc ma ni at er st ty an em lo cu e fo cu le cu
io ti d nt ch r si en me ti at ro ed lw to io ab em ma sf en pm ri de se ri ga ri
n on te an as fi ts nt es io ls ur ar ri na il s na er ts en ty li c ty l ty
fo le ge se ca fo n es e ng l it au ge of t in ve in co an re
r wo of ts ti r ac an so y di me in an su ry ci nt d vi
in rk em on ac ce d ft ma t nt fo d pp ma de in co ew
fo in pl ce ss re wa na co rm su li na nt ui nt s
rm g oy ss co sp re ge ns at pp er ge s ty ra
at me co nt on me id io or re me & ct
io nt nt ro si nt er n t la nt im ua
n ro l bi at sy pr ti pr l
se l li io st oc on ov re
cu ti ns em es sh em qu
ri es s se ip en ir
ty s s ts em
en
ts
A.10
A.11
A.12
A.13
A.14
A.15
A.16
A.18
A.5
A.6
A.7
A.8
A.9
www.halkynconsulting.co.uk info@halkynconsulting.co.uk
Overview
This tool is designed to assist a skilled and experienced professional ensure that the relevant control
areas of ISO / IEC 27001:2013 have been addressed.
This tool does not constitute a valid assessment and the use of this tool does not confer ISO/IEC
27001:2013 certification. The findings here must be confirmed as part of a formal audit / assessment
visit.
Pre-assessment
1. Determine assessment scope. Work with the relevant business stakeholders to
determine what the appropriate scope of the
assessment is.
Assessment
4. Review control areas. Work through the tool kit, reviewing the
evidence for each control and determining how
compliant it is with the requirements.
The toolkit allows for this to be done in 5%
increments.
5. Determine level of compliance. On completion of the review, the tool kit will
give you an overall level of compliance by control
area and by individual controls.
Post Assessment
6. Record areas of weakness Make a note of any areas where compliance is
unsuitable (normally less than 90%)
7. Determine improvement plan For each area of weakness, work with the
relevant business stakeholders to determine
how the control can be improved.
Page 3 of 23 11/12/2020
www.halkynconsulting.co.uk
ISO 27001:2013 Halkyn Consulting Ltd
Compliance Checklist
Page 4 of 23 11/12/2020
www.halkynconsulting.co.uk
ISO 27001:2013 Halkyn Consulting Ltd
Compliance Checklist
Page 5 of 23 11/12/2020
www.halkynconsulting.co.uk
ISO 27001:2013 Halkyn Consulting Ltd
Compliance Checklist
Page 6 of 23 11/12/2020
www.halkynconsulting.co.uk
ISO 27001:2013 Halkyn Consulting Ltd
Compliance Checklist
Page 7 of 23 11/12/2020
www.halkynconsulting.co.uk
ISO 27001:2013 Halkyn Consulting Ltd
Compliance Checklist
Is there a formal procedure governing how
A.8.3.2 Disposal of media 0%
removable media is disposed?
Page 8 of 23 11/12/2020
www.halkynconsulting.co.uk
ISO 27001:2013 Halkyn Consulting Ltd
Compliance Checklist
Page 9 of 23 11/12/2020
www.halkynconsulting.co.uk
ISO 27001:2013 Halkyn Consulting Ltd
Compliance Checklist
A.10 Cryptography
A.10.1 Cryptographic controls
Is there a policy on the use of cryptographic
A.10.1.1 Policy on the use of cryptographic controls 0%
controls?
Is there a policy governing the whole lifecycle
A.10.1.2 Key management 0%
of cryptographic keys?
A.11 Physical and environmental security
A.11.1 Secure areas
Page 10 of 23 11/12/2020
www.halkynconsulting.co.uk
ISO 27001:2013 Halkyn Consulting Ltd
Compliance Checklist
A.11.2 Equipment
Page 11 of 23 11/12/2020
www.halkynconsulting.co.uk
ISO 27001:2013 Halkyn Consulting Ltd
Compliance Checklist
A.11.2.9 Clear desk and clear screen policy 1. Is there a clear desk / clear screen policy? 0%
2. Is this well enforced?
Page 12 of 23 11/12/2020
www.halkynconsulting.co.uk
ISO 27001:2013 Halkyn Consulting Ltd
Compliance Checklist
A.12.3 Backup
Page 13 of 23 11/12/2020
www.halkynconsulting.co.uk
ISO 27001:2013 Halkyn Consulting Ltd
Compliance Checklist
Page 14 of 23 11/12/2020
www.halkynconsulting.co.uk
ISO 27001:2013 Halkyn Consulting Ltd
Compliance Checklist
Page 15 of 23 11/12/2020
www.halkynconsulting.co.uk
ISO 27001:2013 Halkyn Consulting Ltd
Compliance Checklist
A.14.2.2 System change control procedures Is there a formal change control process? 0%
Is there a process to ensure a technical review
Technical review of applications after
A.14.2.3 is carried out when operating platforms are 0%
operating platform changes
changed?
Page 16 of 23 11/12/2020
www.halkynconsulting.co.uk
ISO 27001:2013 Halkyn Consulting Ltd
Compliance Checklist
Page 17 of 23 11/12/2020
www.halkynconsulting.co.uk
ISO 27001:2013 Halkyn Consulting Ltd
Compliance Checklist
Page 18 of 23 11/12/2020
www.halkynconsulting.co.uk
ISO 27001:2013 Halkyn Consulting Ltd
Compliance Checklist
Page 19 of 23 11/12/2020
www.halkynconsulting.co.uk
ISO 27001:2013 Halkyn Consulting Ltd
Compliance Checklist
Verify, review and evaluate information Are continuity plans validated and verified at
A.17.1.3 0%
security continuity regular intervals?
A.17.2 Redundancies
Page 20 of 23 11/12/2020
www.halkynconsulting.co.uk
ISO 27001:2013 Halkyn Consulting Ltd
Compliance Checklist
A.18.2 Information security reviews
Page 21 of 23 11/12/2020
www.halkynconsulting.co.uk
ISO27001:2013 Compliance info@halkynconsulting.co.uk
Status Report
Overall Compliance 0%