ISO 27001 Readiness
A readiness-oriented evidence pack mapped to ISO/IEC 27001:2022 Annex A references, designed for teams that need a concrete baseline before formal audit work.
This page is a public-safe wrapper over the real artifacts. It shows the review shape and posture of the current pack without making the full pack the default public surface.
Who it is for
- Teams preparing for an ISO 27001 programme, internal readiness push, or pre-audit evidence review.
- Operators who need a disciplined control baseline before engaging an external certification body.
- Buyers who want to inspect evidence quality rather than rely on checkbox policy claims.
Civitas preview document
ISO 27001 Readiness
Public preview derived from the real pack. Includes the reviewer summary, representative controls, representative gaps, and artifact posture.
Reviewer summary
The artifact structure is verified, but the current sample remains gap-heavy: 93 of 93 controls are marked as gaps in the current public output.
The declared in-scope statement is "Vendor security control assessment", and the declared out-of-scope statement is "Penetration testing and red teaming". This is a public preview, not the full control matrix.
Current posture
Representative controls
| ID | Objective | Severity | Status |
|---|---|---|---|
| ISO-001 | Ensure ISO 27001 control coverage for POLICY/GOVERNANCE/REVIEW with documented ownership and operating cadence. | 1 | gap |
| ISO-002 | Ensure ISO 27001 control coverage for RISK/REGISTER/TREATMENT with documented ownership and operating cadence. | 2 | gap |
| ISO-003 | Ensure ISO 27001 control coverage for ASSET/CLASSIFICATION/OWNERSHIP with documented ownership and operating cadence. | 3 | gap |
Representative gaps
Severity 5; 3 evidence expectations are missing in the current public sample.
Severity 5; 3 evidence expectations are missing in the current public sample.
Sample artifact block
Decision preview
The complete HTML/PDF exists in the real pack. Here we expose only the cover, summary, and reviewer posture.
Integrity and verification
Verifier OK: yes; 15 checked entries; 6 sealed artifacts.
Public boundary
The complete control matrix, full evidence trace, full run log, and raw pack.zip remain in internal or customer-delivery context.
What it helps produce
- A structured readiness pack with traceable outputs, public artifacts, and reviewer-facing decisions.
- A high-signal baseline for identifying evidence coverage and readiness gaps before formal assessment.
- A deterministic artifact path that can be shared across leadership, audit, and customer-facing review.
What it covers at a high level
- Governance, policy, and accountability signals aligned to Annex A themes.
- Asset, access, operations, supplier, and incident-readiness control areas.
- Business continuity, backup, monitoring, and change-discipline evidence paths.
What it does not claim
- ISO certification, auditor sign-off, or a substitute for formal audit scope.
- Complete conformity without the organisation's full ISMS and external assessment context.
Full artifacts in customer delivery
- Browser-readable decision surface for reviewer inspection.
- Print-ready decision pack for procurement, audit, and leadership review.
- Artifact manifest and pack metadata for traceability.
- Deterministic seal metadata for integrity review.
- Pack archive delivered for local inspection and replay.
- Verifier output expected to resolve to a passing state on a valid public pack.
- Checksums for reviewer-side integrity confirmation.
Those artifacts remain real and unchanged. The difference is only public exposure: the preview is default, not the full dump.
Relevant next steps
The public preview demonstrates the real product shape. The complete pack, full mapping, and full delivery remain available in customer-delivery or controlled demo context.