Kellwick

Self-assessment

Would your ISMS survive an audit?

Twelve honest questions across the areas auditors and enterprise buyers probe hardest. You will get an indicative readiness score and a recommended next step. Takes about two minutes.

  1. Scope

    Is your ISMS scope written down and does it match the systems, data and teams you actually operate?

  2. Risk

    Is your risk register current, with named owners and treatment decisions - not a static template?

  3. Statement of Applicability

    Does your Statement of Applicability match your risks and your real controls, with justified inclusions and exclusions?

  4. Evidence

    Could you produce dated evidence for your key controls across the last several months, without a scramble?

  5. Access reviews

    Do access reviews happen on a stated cadence, with recorded decisions and proof that access was actually removed?

  6. Supplier risk

    Do you have a current list of suppliers and subprocessors, with proportionate, repeated reviews of the important ones?

  7. Incidents

    Are incidents - including small ones - logged, triaged and closed with corrective actions and evidence?

  8. Change & release

    Do your changes and releases leave a durable record (ticket, review, test, deployment) you could show an auditor?

  9. Management review

    Does management review happen on a schedule and produce real decisions and tracked follow-ups, not just minutes?

  10. Internal audit

    Is your internal audit independent, planned and evidenced, with findings that feed corrective actions?

  11. Control ownership

    Does every control have a named owner who runs it and produces evidence as part of their normal work?

  12. Enterprise trust

    Can you answer enterprise security questionnaires quickly, with evidence, without stalling the deal?

Answer all 12 questions to see your score.