Achieve ISO 27001 readiness

Step-by-step

1. 1 In the sidebar, open 'Posture Management' then 'Compliance' and click 'New Initiative'.
2. 2 In 'Start Initiative', select the ISO 27001 framework. If it is not in your library, click 'Create custom framework' and build it as a Standard framework with its objectives and Annex A controls.
3. 3 Set the name and the From and To dates that match your certification timeline.
4. 4 On the Mapping step, review 'Mapped Controls' and open 'View Relationship Map' to see where ISO 27001 controls overlap with frameworks you already run, so you assess shared controls once.
5. 5 On the Delegate step, assign an accountable owner and business sponsor, add the collaborators who will respond, and attach an approval workflow for evidence sign-off. Submit.
6. 6 Open the initiative, go to the controls tab, and set the assessment response for each control, prioritizing the Annex A domains with the most exposure.
7. 7 On the 'Artefacts' tab, use 'Self-Provision' to upload the policies, procedures, and records each control requires, and reuse evidence across mapped controls.
8. 8 Connect your tools under 'Account' then 'Integrations' to automate this: their security and compliance checks run as automated control assessments, and supporting evidence and snapshots are collected automatically via the integrations, cutting manual evidence collection.
9. 9 On the overview, work the gaps by severity: start a remediation with an owner and target date, or request a time-bound exception for risks you formally accept.
10. 10 Track readiness on the posture score, in 'Report' then 'Trust Intelligence' under 'Overall Compliance', and prepare a certification audit once controls and evidence are complete.