We all have been in this situation before, been eager and inquisitive to know how far have we reached on our implementation…are we ready to be audited by the auditors…??? Are we comfortable to ask the auditors to take a stroll through our organization…???
Now here is a spreadsheet that will help you understand your compliance level right from the beginning to the end of your implementation process. This document has three sheets out of which two shows you the status of implementation based on each control objective and each domain.
All you need to do is to ask yourself / team / organization the question that is posted against each control and put in your answers in the column called “Findings”. Once this is done, you will be able to determine the level of implementation. Put in the percentage of completion in the “Status (%)” column against each control.
The value in the “Status (%)” will be in the range of 0 -100 and you can mention NA or any other value to denote that a particular control is not applicable. Kindly note that if there is any control that is not applicable to your organization, then your cumulative results on the other two sheets will show either not completed or partial. To avoid such situation, mention Not Applicable in your findings and put in the value 100 in the status field. This will ensure that your report is accurate.
By going to the other two sheets you will be able to understand the level of implementation. This is also useful when you want to project to the management on your progress of implementation.
The graphical representation sheet will give you the graphical view of your status, which can be incorporated into your management presentation.
You can download the file here.
ISO 27001 Compliance Checklist
Note: Since the site does not allow uploads of .xls files, I have renamed this file as .pdf. All you need to do is right click on the link to download the file, save it on your machine and rename the extension back to .xls and you are ready to go. Cheers!!!
#1 by Ramachandran on August 20th, 2008
Quote
Nice one. Compliments for the efforts put in.
Scope exists for fine tuning, elaborating wherever needed, and using it effectively.
Thanks for the free download
#2 by Ganesh on September 15th, 2008
Quote
Thanks for the information..but not able to download PDF file says ..pdf file is not available..can please check it out…Its really good for novice..
#3 by Ganesh.. on September 16th, 2008
Quote
Hi
This is good one..to checkout wehere we stands..
#4 by Samrat on October 16th, 2008
Quote
Hi Vinod,
I am unable to download this file. Could you please send me on my mail ID, if you wont mind, as it is giving some error from the referred link.
I would highly appreciate, if you could render me this help.
Regards
Samrat
#5 by npnguyen on October 17th, 2008
Quote
Thanks for your file attach.
Very good.
Cheer
Npnguyen
#6 by Paramonov on November 6th, 2008
Quote
It has long been looking for this information, thank you.
#7 by vivek on November 20th, 2008
Quote
simple & understandable. Thanks!!
#8 by Butrint on December 9th, 2008
Quote
I would like to thank you for providing this useful tool.
I would appreciate if you may provide to me any methodology or template of risk assessment and risk treatment plan.
Thanks in advance.
#9 by Amol on June 12th, 2010
Quote
This is the great sheet, expecially for the new commer like me.
I am going to use this sheet first and then my own similar to yours by adding few more points.
Thanks once again!