Executive Summary
| Severity-weighted score | 0.0% |
|---|---|
| Total controls | 93 |
| Met | 0 |
| Partial | 0 |
| Gap | 93 |

Key Gaps

- ISO-015: ISO 27001 Control 015 - gap - severity 5 - missing evidence 3
- ISO-020: ISO 27001 Control 020 - gap - severity 5 - missing evidence 3
- ISO-040: ISO 27001 Control 040 - gap - severity 5 - missing evidence 3
- ISO-060: ISO 27001 Control 060 - gap - severity 5 - missing evidence 3
- ISO-080: ISO 27001 Control 080 - gap - severity 5 - missing evidence 3
- ISO-085: ISO 27001 Control 085 - gap - severity 5 - missing evidence 3
- ISO-005: ISO 27001 Control 005 - gap - severity 5 - missing evidence 2
- ISO-010: ISO 27001 Control 010 - gap - severity 5 - missing evidence 2
- ISO-025: ISO 27001 Control 025 - gap - severity 5 - missing evidence 2
- ISO-030: ISO 27001 Control 030 - gap - severity 5 - missing evidence 2
- ISO-035: ISO 27001 Control 035 - gap - severity 5 - missing evidence 2
- ISO-045: ISO 27001 Control 045 - gap - severity 5 - missing evidence 2

Full Controls Table

| control_id | title | objective | evidence expectations | status | severity | evidence_count |
|---|---|---|---|---|---|---|
ISO-001 | ISO 27001 Control 001 | Ensure ISO 27001 control coverage for POLICY/GOVERNANCE/REVIEW with documented ownership and operating cadence. | Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
ISO-002 | ISO 27001 Control 002 | Ensure ISO 27001 control coverage for RISK/REGISTER/TREATMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
ISO-003 | ISO 27001 Control 003 | Ensure ISO 27001 control coverage for ASSET/CLASSIFICATION/OWNERSHIP with documented ownership and operating cadence. | Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
ISO-004 | ISO 27001 Control 004 | Ensure ISO 27001 control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
ISO-005 | ISO 27001 Control 005 | Ensure ISO 27001 control coverage for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
ISO-006 | ISO 27001 Control 006 | Ensure ISO 27001 control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
ISO-007 | ISO 27001 Control 007 | Ensure ISO 27001 control coverage for VULNERABILITY/OPERATIONS/HARDENING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
ISO-008 | ISO 27001 Control 008 | Ensure ISO 27001 control coverage for INCIDENT/RESPONSE/COMMUNICATION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
ISO-009 | ISO 27001 Control 009 | Ensure ISO 27001 control coverage for CONTINUITY/RECOVERY/CADENCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
ISO-010 | ISO 27001 Control 010 | Ensure ISO 27001 control coverage for AUDIT/ASSURANCE/METRICS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
ISO-011 | ISO 27001 Control 011 | Ensure ISO 27001 control coverage for SUPPLIER/THIRD_PARTY/CONTRACT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
ISO-012 | ISO 27001 Control 012 | Ensure ISO 27001 control coverage for AWARENESS/TRAINING/PEOPLE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
ISO-013 | ISO 27001 Control 013 | Ensure ISO 27001 control coverage for PRIVACY/LEGAL/COMPLIANCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
ISO-014 | ISO 27001 Control 014 | Ensure ISO 27001 control coverage for POLICY/GOVERNANCE/REVIEW with documented ownership and operating cadence. | Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
ISO-015 | ISO 27001 Control 015 | Ensure ISO 27001 control coverage for RISK/REGISTER/TREATMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
ISO-016 | ISO 27001 Control 016 | Ensure ISO 27001 control coverage for ASSET/CLASSIFICATION/OWNERSHIP with documented ownership and operating cadence. | Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
ISO-017 | ISO 27001 Control 017 | Ensure ISO 27001 control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
ISO-018 | ISO 27001 Control 018 | Ensure ISO 27001 control coverage for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
ISO-019 | ISO 27001 Control 019 | Ensure ISO 27001 control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
ISO-020 | ISO 27001 Control 020 | Ensure ISO 27001 control coverage for VULNERABILITY/OPERATIONS/HARDENING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
ISO-021 | ISO 27001 Control 021 | Ensure ISO 27001 control coverage for INCIDENT/RESPONSE/COMMUNICATION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
ISO-022 | ISO 27001 Control 022 | Ensure ISO 27001 control coverage for CONTINUITY/RECOVERY/CADENCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
ISO-023 | ISO 27001 Control 023 | Ensure ISO 27001 control coverage for AUDIT/ASSURANCE/METRICS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
ISO-024 | ISO 27001 Control 024 | Ensure ISO 27001 control coverage for SUPPLIER/THIRD_PARTY/CONTRACT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
ISO-025 | ISO 27001 Control 025 | Ensure ISO 27001 control coverage for AWARENESS/TRAINING/PEOPLE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
ISO-026 | ISO 27001 Control 026 | Ensure ISO 27001 control coverage for PRIVACY/LEGAL/COMPLIANCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
ISO-027 | ISO 27001 Control 027 | Ensure ISO 27001 control coverage for POLICY/GOVERNANCE/REVIEW with documented ownership and operating cadence. | Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
ISO-028 | ISO 27001 Control 028 | Ensure ISO 27001 control coverage for RISK/REGISTER/TREATMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
ISO-029 | ISO 27001 Control 029 | Ensure ISO 27001 control coverage for ASSET/CLASSIFICATION/OWNERSHIP with documented ownership and operating cadence. | Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
ISO-030 | ISO 27001 Control 030 | Ensure ISO 27001 control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
ISO-031 | ISO 27001 Control 031 | Ensure ISO 27001 control coverage for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
ISO-032 | ISO 27001 Control 032 | Ensure ISO 27001 control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
ISO-033 | ISO 27001 Control 033 | Ensure ISO 27001 control coverage for VULNERABILITY/OPERATIONS/HARDENING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
ISO-034 | ISO 27001 Control 034 | Ensure ISO 27001 control coverage for INCIDENT/RESPONSE/COMMUNICATION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
ISO-035 | ISO 27001 Control 035 | Ensure ISO 27001 control coverage for CONTINUITY/RECOVERY/CADENCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
ISO-036 | ISO 27001 Control 036 | Ensure ISO 27001 control coverage for AUDIT/ASSURANCE/METRICS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
ISO-037 | ISO 27001 Control 037 | Ensure ISO 27001 control coverage for SUPPLIER/THIRD_PARTY/CONTRACT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
ISO-038 | ISO 27001 Control 038 | Ensure ISO 27001 control coverage for AWARENESS/TRAINING/PEOPLE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
ISO-039 | ISO 27001 Control 039 | Ensure ISO 27001 control coverage for PRIVACY/LEGAL/COMPLIANCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
ISO-040 | ISO 27001 Control 040 | Ensure ISO 27001 control coverage for POLICY/GOVERNANCE/REVIEW with documented ownership and operating cadence. | Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
ISO-041 | ISO 27001 Control 041 | Ensure ISO 27001 control coverage for RISK/REGISTER/TREATMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
ISO-042 | ISO 27001 Control 042 | Ensure ISO 27001 control coverage for ASSET/CLASSIFICATION/OWNERSHIP with documented ownership and operating cadence. | Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
ISO-043 | ISO 27001 Control 043 | Ensure ISO 27001 control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
ISO-044 | ISO 27001 Control 044 | Ensure ISO 27001 control coverage for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
ISO-045 | ISO 27001 Control 045 | Ensure ISO 27001 control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
ISO-046 | ISO 27001 Control 046 | Ensure ISO 27001 control coverage for VULNERABILITY/OPERATIONS/HARDENING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
ISO-047 | ISO 27001 Control 047 | Ensure ISO 27001 control coverage for INCIDENT/RESPONSE/COMMUNICATION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
ISO-048 | ISO 27001 Control 048 | Ensure ISO 27001 control coverage for CONTINUITY/RECOVERY/CADENCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
ISO-049 | ISO 27001 Control 049 | Ensure ISO 27001 control coverage for AUDIT/ASSURANCE/METRICS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
ISO-050 | ISO 27001 Control 050 | Ensure ISO 27001 control coverage for SUPPLIER/THIRD_PARTY/CONTRACT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
ISO-051 | ISO 27001 Control 051 | Ensure ISO 27001 control coverage for AWARENESS/TRAINING/PEOPLE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
ISO-052 | ISO 27001 Control 052 | Ensure ISO 27001 control coverage for PRIVACY/LEGAL/COMPLIANCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
ISO-053 | ISO 27001 Control 053 | Ensure ISO 27001 control coverage for POLICY/GOVERNANCE/REVIEW with documented ownership and operating cadence. | Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
ISO-054 | ISO 27001 Control 054 | Ensure ISO 27001 control coverage for RISK/REGISTER/TREATMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
ISO-055 | ISO 27001 Control 055 | Ensure ISO 27001 control coverage for ASSET/CLASSIFICATION/OWNERSHIP with documented ownership and operating cadence. | Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
ISO-056 | ISO 27001 Control 056 | Ensure ISO 27001 control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
ISO-057 | ISO 27001 Control 057 | Ensure ISO 27001 control coverage for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
ISO-058 | ISO 27001 Control 058 | Ensure ISO 27001 control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
ISO-059 | ISO 27001 Control 059 | Ensure ISO 27001 control coverage for VULNERABILITY/OPERATIONS/HARDENING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
ISO-060 | ISO 27001 Control 060 | Ensure ISO 27001 control coverage for INCIDENT/RESPONSE/COMMUNICATION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
ISO-061 | ISO 27001 Control 061 | Ensure ISO 27001 control coverage for CONTINUITY/RECOVERY/CADENCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
ISO-062 | ISO 27001 Control 062 | Ensure ISO 27001 control coverage for AUDIT/ASSURANCE/METRICS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
ISO-063 | ISO 27001 Control 063 | Ensure ISO 27001 control coverage for SUPPLIER/THIRD_PARTY/CONTRACT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
ISO-064 | ISO 27001 Control 064 | Ensure ISO 27001 control coverage for AWARENESS/TRAINING/PEOPLE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
ISO-065 | ISO 27001 Control 065 | Ensure ISO 27001 control coverage for PRIVACY/LEGAL/COMPLIANCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
ISO-066 | ISO 27001 Control 066 | Ensure ISO 27001 control coverage for POLICY/GOVERNANCE/REVIEW with documented ownership and operating cadence. | Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
ISO-067 | ISO 27001 Control 067 | Ensure ISO 27001 control coverage for RISK/REGISTER/TREATMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
ISO-068 | ISO 27001 Control 068 | Ensure ISO 27001 control coverage for ASSET/CLASSIFICATION/OWNERSHIP with documented ownership and operating cadence. | Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
ISO-069 | ISO 27001 Control 069 | Ensure ISO 27001 control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
ISO-070 | ISO 27001 Control 070 | Ensure ISO 27001 control coverage for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
ISO-071 | ISO 27001 Control 071 | Ensure ISO 27001 control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
ISO-072 | ISO 27001 Control 072 | Ensure ISO 27001 control coverage for VULNERABILITY/OPERATIONS/HARDENING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
ISO-073 | ISO 27001 Control 073 | Ensure ISO 27001 control coverage for INCIDENT/RESPONSE/COMMUNICATION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
ISO-074 | ISO 27001 Control 074 | Ensure ISO 27001 control coverage for CONTINUITY/RECOVERY/CADENCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
ISO-075 | ISO 27001 Control 075 | Ensure ISO 27001 control coverage for AUDIT/ASSURANCE/METRICS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
ISO-076 | ISO 27001 Control 076 | Ensure ISO 27001 control coverage for SUPPLIER/THIRD_PARTY/CONTRACT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
ISO-077 | ISO 27001 Control 077 | Ensure ISO 27001 control coverage for AWARENESS/TRAINING/PEOPLE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
ISO-078 | ISO 27001 Control 078 | Ensure ISO 27001 control coverage for PRIVACY/LEGAL/COMPLIANCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
ISO-079 | ISO 27001 Control 079 | Ensure ISO 27001 control coverage for POLICY/GOVERNANCE/REVIEW with documented ownership and operating cadence. | Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
ISO-080 | ISO 27001 Control 080 | Ensure ISO 27001 control coverage for RISK/REGISTER/TREATMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
ISO-081 | ISO 27001 Control 081 | Ensure ISO 27001 control coverage for ASSET/CLASSIFICATION/OWNERSHIP with documented ownership and operating cadence. | Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
ISO-082 | ISO 27001 Control 082 | Ensure ISO 27001 control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence. | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
ISO-083 | ISO 27001 Control 083 | Ensure ISO 27001 control coverage for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
ISO-084 | ISO 27001 Control 084 | Ensure ISO 27001 control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
ISO-085 | ISO 27001 Control 085 | Ensure ISO 27001 control coverage for VULNERABILITY/OPERATIONS/HARDENING with documented ownership and operating cadence. | Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
ISO-086 | ISO 27001 Control 086 | Ensure ISO 27001 control coverage for INCIDENT/RESPONSE/COMMUNICATION with documented ownership and operating cadence. | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
ISO-087 | ISO 27001 Control 087 | Ensure ISO 27001 control coverage for CONTINUITY/RECOVERY/CADENCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
ISO-088 | ISO 27001 Control 088 | Ensure ISO 27001 control coverage for AUDIT/ASSURANCE/METRICS with documented ownership and operating cadence. | Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |
ISO-089 | ISO 27001 Control 089 | Ensure ISO 27001 control coverage for SUPPLIER/THIRD_PARTY/CONTRACT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 4 | 0 |
ISO-090 | ISO 27001 Control 090 | Ensure ISO 27001 control coverage for AWARENESS/TRAINING/PEOPLE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 5 | 0 |
ISO-091 | ISO 27001 Control 091 | Ensure ISO 27001 control coverage for PRIVACY/LEGAL/COMPLIANCE with documented ownership and operating cadence. | Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found. | gap | 1 | 0 |
ISO-092 | ISO 27001 Control 092 | Ensure ISO 27001 control coverage for POLICY/GOVERNANCE/REVIEW with documented ownership and operating cadence. | Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found. | gap | 2 | 0 |
ISO-093 | ISO 27001 Control 093 | Ensure ISO 27001 control coverage for RISK/REGISTER/TREATMENT with documented ownership and operating cadence. | Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found. | gap | 3 | 0 |

Gap Register

| control_id | title | status | severity | evidence_count | missing_evidence | evidence expectations |
|---|---|---|---|---|---|---|
ISO-001 | ISO 27001 Control 001 | gap | 1 | 0 | 3 | Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-002 | ISO 27001 Control 002 | gap | 2 | 0 | 3 | Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-003 | ISO 27001 Control 003 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-004 | ISO 27001 Control 004 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-005 | ISO 27001 Control 005 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-006 | ISO 27001 Control 006 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-007 | ISO 27001 Control 007 | gap | 2 | 0 | 3 | Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-008 | ISO 27001 Control 008 | gap | 3 | 0 | 3 | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-009 | ISO 27001 Control 009 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-010 | ISO 27001 Control 010 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-011 | ISO 27001 Control 011 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-012 | ISO 27001 Control 012 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-013 | ISO 27001 Control 013 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-014 | ISO 27001 Control 014 | gap | 4 | 0 | 3 | Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-015 | ISO 27001 Control 015 | gap | 5 | 0 | 3 | Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-016 | ISO 27001 Control 016 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-017 | ISO 27001 Control 017 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-018 | ISO 27001 Control 018 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-019 | ISO 27001 Control 019 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-020 | ISO 27001 Control 020 | gap | 5 | 0 | 3 | Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-021 | ISO 27001 Control 021 | gap | 1 | 0 | 3 | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-022 | ISO 27001 Control 022 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-023 | ISO 27001 Control 023 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-024 | ISO 27001 Control 024 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-025 | ISO 27001 Control 025 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-026 | ISO 27001 Control 026 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-027 | ISO 27001 Control 027 | gap | 2 | 0 | 3 | Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-028 | ISO 27001 Control 028 | gap | 3 | 0 | 3 | Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-029 | ISO 27001 Control 029 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-030 | ISO 27001 Control 030 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-031 | ISO 27001 Control 031 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-032 | ISO 27001 Control 032 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-033 | ISO 27001 Control 033 | gap | 3 | 0 | 3 | Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-034 | ISO 27001 Control 034 | gap | 4 | 0 | 3 | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-035 | ISO 27001 Control 035 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-036 | ISO 27001 Control 036 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-037 | ISO 27001 Control 037 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-038 | ISO 27001 Control 038 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-039 | ISO 27001 Control 039 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-040 | ISO 27001 Control 040 | gap | 5 | 0 | 3 | Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-041 | ISO 27001 Control 041 | gap | 1 | 0 | 3 | Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-042 | ISO 27001 Control 042 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-043 | ISO 27001 Control 043 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-044 | ISO 27001 Control 044 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-045 | ISO 27001 Control 045 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-046 | ISO 27001 Control 046 | gap | 1 | 0 | 3 | Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-047 | ISO 27001 Control 047 | gap | 2 | 0 | 3 | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-048 | ISO 27001 Control 048 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-049 | ISO 27001 Control 049 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-050 | ISO 27001 Control 050 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-051 | ISO 27001 Control 051 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-052 | ISO 27001 Control 052 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-053 | ISO 27001 Control 053 | gap | 3 | 0 | 3 | Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-054 | ISO 27001 Control 054 | gap | 4 | 0 | 3 | Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-055 | ISO 27001 Control 055 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-056 | ISO 27001 Control 056 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-057 | ISO 27001 Control 057 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-058 | ISO 27001 Control 058 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-059 | ISO 27001 Control 059 | gap | 4 | 0 | 3 | Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-060 | ISO 27001 Control 060 | gap | 5 | 0 | 3 | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-061 | ISO 27001 Control 061 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-062 | ISO 27001 Control 062 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-063 | ISO 27001 Control 063 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-064 | ISO 27001 Control 064 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-065 | ISO 27001 Control 065 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-066 | ISO 27001 Control 066 | gap | 1 | 0 | 3 | Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-067 | ISO 27001 Control 067 | gap | 2 | 0 | 3 | Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-068 | ISO 27001 Control 068 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-069 | ISO 27001 Control 069 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-070 | ISO 27001 Control 070 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-071 | ISO 27001 Control 071 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-072 | ISO 27001 Control 072 | gap | 2 | 0 | 3 | Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-073 | ISO 27001 Control 073 | gap | 3 | 0 | 3 | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-074 | ISO 27001 Control 074 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-075 | ISO 27001 Control 075 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-076 | ISO 27001 Control 076 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-077 | ISO 27001 Control 077 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-078 | ISO 27001 Control 078 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-079 | ISO 27001 Control 079 | gap | 4 | 0 | 3 | Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-080 | ISO 27001 Control 080 | gap | 5 | 0 | 3 | Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-081 | ISO 27001 Control 081 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-082 | ISO 27001 Control 082 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-083 | ISO 27001 Control 083 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-084 | ISO 27001 Control 084 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-085 | ISO 27001 Control 085 | gap | 5 | 0 | 3 | Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-086 | ISO 27001 Control 086 | gap | 1 | 0 | 3 | Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-087 | ISO 27001 Control 087 | gap | 2 | 0 | 2 | Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-088 | ISO 27001 Control 088 | gap | 3 | 0 | 2 | Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-089 | ISO 27001 Control 089 | gap | 4 | 0 | 2 | Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-090 | ISO 27001 Control 090 | gap | 5 | 0 | 2 | Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-091 | ISO 27001 Control 091 | gap | 1 | 0 | 2 | Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-092 | ISO 27001 Control 092 | gap | 2 | 0 | 3 | Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found. |
ISO-093 | ISO 27001 Control 093 | gap | 3 | 0 | 3 | Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found. |
Evidence Appendix
ISO-001 - ISO 27001 Control 001
gap | severity 1 | evidence_count 0
Ensure ISO 27001 control coverage for POLICY/GOVERNANCE/REVIEW with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-001 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-002 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-014 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-015 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-027 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-002 - ISO 27001 Control 002
gap | severity 2 | evidence_count 0
Ensure ISO 27001 control coverage for RISK/REGISTER/TREATMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-002 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-003 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-015 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-016 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-028 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-003 - ISO 27001 Control 003
gap | severity 3 | evidence_count 0
Ensure ISO 27001 control coverage for ASSET/CLASSIFICATION/OWNERSHIP with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-003 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-004 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-016 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-017 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-029 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-004 - ISO 27001 Control 004
gap | severity 4 | evidence_count 0
Ensure ISO 27001 control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-004 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-005 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-017 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-018 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-030 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-005 - ISO 27001 Control 005
gap | severity 5 | evidence_count 0
Ensure ISO 27001 control coverage for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-005 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-006 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-018 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-019 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-031 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-006 - ISO 27001 Control 006
gap | severity 1 | evidence_count 0
Ensure ISO 27001 control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-006 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-007 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-019 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-020 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-032 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-007 - ISO 27001 Control 007
gap | severity 2 | evidence_count 0
Ensure ISO 27001 control coverage for VULNERABILITY/OPERATIONS/HARDENING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-007 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-008 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-020 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-021 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-033 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-008 - ISO 27001 Control 008
gap | severity 3 | evidence_count 0
Ensure ISO 27001 control coverage for INCIDENT/RESPONSE/COMMUNICATION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-008 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-009 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-021 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-022 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-034 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-009 - ISO 27001 Control 009
gap | severity 4 | evidence_count 0
Ensure ISO 27001 control coverage for CONTINUITY/RECOVERY/CADENCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-009 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-010 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-022 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-023 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-035 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-010 - ISO 27001 Control 010
gap | severity 5 | evidence_count 0
Ensure ISO 27001 control coverage for AUDIT/ASSURANCE/METRICS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-010 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-011 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-023 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-024 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-036 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-011 - ISO 27001 Control 011
gap | severity 1 | evidence_count 0
Ensure ISO 27001 control coverage for SUPPLIER/THIRD_PARTY/CONTRACT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-011 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-012 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-024 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-025 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-037 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-012 - ISO 27001 Control 012
gap | severity 2 | evidence_count 0
Ensure ISO 27001 control coverage for AWARENESS/TRAINING/PEOPLE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-012 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-013 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-025 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-026 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-038 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-013 - ISO 27001 Control 013
gap | severity 3 | evidence_count 0
Ensure ISO 27001 control coverage for PRIVACY/LEGAL/COMPLIANCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-001 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-013 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-014 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-026 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-027 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-014 - ISO 27001 Control 014
gap | severity 4 | evidence_count 0
Ensure ISO 27001 control coverage for POLICY/GOVERNANCE/REVIEW with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-001 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-002 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-014 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-015 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-027 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-015 - ISO 27001 Control 015
gap | severity 5 | evidence_count 0
Ensure ISO 27001 control coverage for RISK/REGISTER/TREATMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-002 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-003 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-015 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-016 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-028 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-016 - ISO 27001 Control 016
gap | severity 1 | evidence_count 0
Ensure ISO 27001 control coverage for ASSET/CLASSIFICATION/OWNERSHIP with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-003 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-004 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-016 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-017 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-029 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-017 - ISO 27001 Control 017
gap | severity 2 | evidence_count 0
Ensure ISO 27001 control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-004 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-005 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-017 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-018 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-030 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-018 - ISO 27001 Control 018
gap | severity 3 | evidence_count 0
Ensure ISO 27001 control coverage for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-005 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-006 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-018 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-019 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-031 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-019 - ISO 27001 Control 019
gap | severity 4 | evidence_count 0
Ensure ISO 27001 control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-006 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-007 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-019 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-020 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-032 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-020 - ISO 27001 Control 020
gap | severity 5 | evidence_count 0
Ensure ISO 27001 control coverage for VULNERABILITY/OPERATIONS/HARDENING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-007 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-008 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-020 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-021 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-033 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-021 - ISO 27001 Control 021
gap | severity 1 | evidence_count 0
Ensure ISO 27001 control coverage for INCIDENT/RESPONSE/COMMUNICATION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-008 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-009 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-021 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-022 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-034 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-022 - ISO 27001 Control 022
gap | severity 2 | evidence_count 0
Ensure ISO 27001 control coverage for CONTINUITY/RECOVERY/CADENCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-009 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-010 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-022 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-023 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-035 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-023 - ISO 27001 Control 023
gap | severity 3 | evidence_count 0
Ensure ISO 27001 control coverage for AUDIT/ASSURANCE/METRICS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-010 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-011 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-023 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-024 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-036 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-024 - ISO 27001 Control 024
gap | severity 4 | evidence_count 0
Ensure ISO 27001 control coverage for SUPPLIER/THIRD_PARTY/CONTRACT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-011 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-012 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-024 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-025 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-037 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-025 - ISO 27001 Control 025
gap | severity 5 | evidence_count 0
Ensure ISO 27001 control coverage for AWARENESS/TRAINING/PEOPLE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-012 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-013 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-025 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-026 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-038 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-026 - ISO 27001 Control 026
gap | severity 1 | evidence_count 0
Ensure ISO 27001 control coverage for PRIVACY/LEGAL/COMPLIANCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-001 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-013 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-014 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-026 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-027 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-027 - ISO 27001 Control 027
gap | severity 2 | evidence_count 0
Ensure ISO 27001 control coverage for POLICY/GOVERNANCE/REVIEW with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-001 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-002 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-014 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-015 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-027 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-028 - ISO 27001 Control 028
gap | severity 3 | evidence_count 0
Ensure ISO 27001 control coverage for RISK/REGISTER/TREATMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-002 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-003 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-015 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-016 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-028 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-029 - ISO 27001 Control 029
gap | severity 4 | evidence_count 0
Ensure ISO 27001 control coverage for ASSET/CLASSIFICATION/OWNERSHIP with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-003 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-004 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-016 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-017 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-029 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-030 - ISO 27001 Control 030
gap | severity 5 | evidence_count 0
Ensure ISO 27001 control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-004 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-005 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-017 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-018 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-030 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-031 - ISO 27001 Control 031
gap | severity 1 | evidence_count 0
Ensure ISO 27001 control coverage for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-005 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-006 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-018 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-019 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-031 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-032 - ISO 27001 Control 032
gap | severity 2 | evidence_count 0
Ensure ISO 27001 control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-006 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-007 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-019 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-020 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-032 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-033 - ISO 27001 Control 033
gap | severity 3 | evidence_count 0
Ensure ISO 27001 control coverage for VULNERABILITY/OPERATIONS/HARDENING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-007 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-008 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-020 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-021 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-033 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-034 - ISO 27001 Control 034
gap | severity 4 | evidence_count 0
Ensure ISO 27001 control coverage for INCIDENT/RESPONSE/COMMUNICATION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-008 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-009 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-021 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-022 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-034 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-035 - ISO 27001 Control 035
gap | severity 5 | evidence_count 0
Ensure ISO 27001 control coverage for CONTINUITY/RECOVERY/CADENCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-009 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-010 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-022 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-023 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-035 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-036 - ISO 27001 Control 036
gap | severity 1 | evidence_count 0
Ensure ISO 27001 control coverage for AUDIT/ASSURANCE/METRICS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-010 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-011 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-023 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-024 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-036 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-037 - ISO 27001 Control 037
gap | severity 2 | evidence_count 0
Ensure ISO 27001 control coverage for SUPPLIER/THIRD_PARTY/CONTRACT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-011 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-012 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-024 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-025 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-037 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-038 - ISO 27001 Control 038
gap | severity 3 | evidence_count 0
Ensure ISO 27001 control coverage for AWARENESS/TRAINING/PEOPLE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-012 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-013 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-025 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-026 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-038 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-039 - ISO 27001 Control 039
gap | severity 4 | evidence_count 0
Ensure ISO 27001 control coverage for PRIVACY/LEGAL/COMPLIANCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-001 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-013 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-014 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-026 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-027 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-040 - ISO 27001 Control 040
gap | severity 5 | evidence_count 0
Ensure ISO 27001 control coverage for POLICY/GOVERNANCE/REVIEW with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-001 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-002 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-014 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-015 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-027 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-041 - ISO 27001 Control 041
gap | severity 1 | evidence_count 0
Ensure ISO 27001 control coverage for RISK/REGISTER/TREATMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-002 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-003 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-015 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-016 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-028 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-042 - ISO 27001 Control 042
gap | severity 2 | evidence_count 0
Ensure ISO 27001 control coverage for ASSET/CLASSIFICATION/OWNERSHIP with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-003 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-004 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-016 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-017 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-029 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-043 - ISO 27001 Control 043
gap | severity 3 | evidence_count 0
Ensure ISO 27001 control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-004 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-005 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-017 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-018 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-030 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-044 - ISO 27001 Control 044
gap | severity 4 | evidence_count 0
Ensure ISO 27001 control coverage for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-005 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-006 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-018 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-019 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-031 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-045 - ISO 27001 Control 045
gap | severity 5 | evidence_count 0
Ensure ISO 27001 control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-006 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-007 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-019 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-020 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-032 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-046 - ISO 27001 Control 046
gap | severity 1 | evidence_count 0
Ensure ISO 27001 control coverage for VULNERABILITY/OPERATIONS/HARDENING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-007 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-008 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-020 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-021 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-033 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-047 - ISO 27001 Control 047
gap | severity 2 | evidence_count 0
Ensure ISO 27001 control coverage for INCIDENT/RESPONSE/COMMUNICATION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-008 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-009 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-021 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-022 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-034 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-048 - ISO 27001 Control 048
gap | severity 3 | evidence_count 0
Ensure ISO 27001 control coverage for CONTINUITY/RECOVERY/CADENCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-009 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-010 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-022 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-023 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-035 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-049 - ISO 27001 Control 049
gap | severity 4 | evidence_count 0
Ensure ISO 27001 control coverage for AUDIT/ASSURANCE/METRICS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-010 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-011 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-023 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-024 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-036 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-050 - ISO 27001 Control 050
gap | severity 5 | evidence_count 0
Ensure ISO 27001 control coverage for SUPPLIER/THIRD_PARTY/CONTRACT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-011 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-012 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-024 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-025 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-037 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-051 - ISO 27001 Control 051
gap | severity 1 | evidence_count 0
Ensure ISO 27001 control coverage for AWARENESS/TRAINING/PEOPLE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-012 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-013 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-025 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-026 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-038 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-052 - ISO 27001 Control 052
gap | severity 2 | evidence_count 0
Ensure ISO 27001 control coverage for PRIVACY/LEGAL/COMPLIANCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-001 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-013 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-014 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-026 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-027 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-053 - ISO 27001 Control 053
gap | severity 3 | evidence_count 0
Ensure ISO 27001 control coverage for POLICY/GOVERNANCE/REVIEW with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-001 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-002 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-014 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-015 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-027 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-054 - ISO 27001 Control 054
gap | severity 4 | evidence_count 0
Ensure ISO 27001 control coverage for RISK/REGISTER/TREATMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-002 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-003 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-015 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-016 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-028 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-055 - ISO 27001 Control 055
gap | severity 5 | evidence_count 0
Ensure ISO 27001 control coverage for ASSET/CLASSIFICATION/OWNERSHIP with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-003 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-004 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-016 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-017 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-029 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-056 - ISO 27001 Control 056
gap | severity 1 | evidence_count 0
Ensure ISO 27001 control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-004 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-005 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-017 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-018 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-030 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-057 - ISO 27001 Control 057
gap | severity 2 | evidence_count 0
Ensure ISO 27001 control coverage for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-005 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-006 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-018 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-019 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-031 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-058 - ISO 27001 Control 058
gap | severity 3 | evidence_count 0
Ensure ISO 27001 control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-006 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-007 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-019 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-020 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-032 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-059 - ISO 27001 Control 059
gap | severity 4 | evidence_count 0
Ensure ISO 27001 control coverage for VULNERABILITY/OPERATIONS/HARDENING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-007 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-008 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-020 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-021 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-033 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-060 - ISO 27001 Control 060
gap | severity 5 | evidence_count 0
Ensure ISO 27001 control coverage for INCIDENT/RESPONSE/COMMUNICATION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-008 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-009 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-021 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-022 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-034 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-061 - ISO 27001 Control 061
gap | severity 1 | evidence_count 0
Ensure ISO 27001 control coverage for CONTINUITY/RECOVERY/CADENCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-009 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-010 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-022 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-023 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-035 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-062 - ISO 27001 Control 062
gap | severity 2 | evidence_count 0
Ensure ISO 27001 control coverage for AUDIT/ASSURANCE/METRICS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-010 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-011 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-023 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-024 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-036 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-063 - ISO 27001 Control 063
gap | severity 3 | evidence_count 0
Ensure ISO 27001 control coverage for SUPPLIER/THIRD_PARTY/CONTRACT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-011 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-012 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-024 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-025 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-037 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-064 - ISO 27001 Control 064
gap | severity 4 | evidence_count 0
Ensure ISO 27001 control coverage for AWARENESS/TRAINING/PEOPLE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-012 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-013 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-025 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-026 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-038 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-065 - ISO 27001 Control 065
gap | severity 5 | evidence_count 0
Ensure ISO 27001 control coverage for PRIVACY/LEGAL/COMPLIANCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-001 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-013 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-014 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-026 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-027 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-066 - ISO 27001 Control 066
gap | severity 1 | evidence_count 0
Ensure ISO 27001 control coverage for POLICY/GOVERNANCE/REVIEW with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-001 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-002 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-014 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-015 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-027 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-067 - ISO 27001 Control 067
gap | severity 2 | evidence_count 0
Ensure ISO 27001 control coverage for RISK/REGISTER/TREATMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-002 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-003 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-015 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-016 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-028 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-068 - ISO 27001 Control 068
gap | severity 3 | evidence_count 0
Ensure ISO 27001 control coverage for ASSET/CLASSIFICATION/OWNERSHIP with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-003 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-004 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-016 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-017 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-029 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-069 - ISO 27001 Control 069
gap | severity 4 | evidence_count 0
Ensure ISO 27001 control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-004 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-005 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-017 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-018 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-030 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-070 - ISO 27001 Control 070
gap | severity 5 | evidence_count 0
Ensure ISO 27001 control coverage for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-005 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-006 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-018 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-019 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-031 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-071 - ISO 27001 Control 071
gap | severity 1 | evidence_count 0
Ensure ISO 27001 control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-006 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-007 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-019 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-020 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-032 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-072 - ISO 27001 Control 072
gap | severity 2 | evidence_count 0
Ensure ISO 27001 control coverage for VULNERABILITY/OPERATIONS/HARDENING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-007 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-008 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-020 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-021 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-033 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-073 - ISO 27001 Control 073
gap | severity 3 | evidence_count 0
Ensure ISO 27001 control coverage for INCIDENT/RESPONSE/COMMUNICATION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-008 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-009 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-021 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-022 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-034 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-074 - ISO 27001 Control 074
gap | severity 4 | evidence_count 0
Ensure ISO 27001 control coverage for CONTINUITY/RECOVERY/CADENCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-009 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-010 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-022 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-023 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-035 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-075 - ISO 27001 Control 075
gap | severity 5 | evidence_count 0
Ensure ISO 27001 control coverage for AUDIT/ASSURANCE/METRICS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-010 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-011 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-023 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-024 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-036 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-076 - ISO 27001 Control 076
gap | severity 1 | evidence_count 0
Ensure ISO 27001 control coverage for SUPPLIER/THIRD_PARTY/CONTRACT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-011 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-012 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-024 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-025 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-037 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-077 - ISO 27001 Control 077
gap | severity 2 | evidence_count 0
Ensure ISO 27001 control coverage for AWARENESS/TRAINING/PEOPLE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-012 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-013 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-025 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-026 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-038 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-078 - ISO 27001 Control 078
gap | severity 3 | evidence_count 0
Ensure ISO 27001 control coverage for PRIVACY/LEGAL/COMPLIANCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-001 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-013 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-014 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-026 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-027 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-079 - ISO 27001 Control 079
gap | severity 4 | evidence_count 0
Ensure ISO 27001 control coverage for POLICY/GOVERNANCE/REVIEW with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-001 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-002 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-014 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-015 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-027 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-080 - ISO 27001 Control 080
gap | severity 5 | evidence_count 0
Ensure ISO 27001 control coverage for RISK/REGISTER/TREATMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-002 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-003 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-015 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-016 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-028 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-081 - ISO 27001 Control 081
gap | severity 1 | evidence_count 0
Ensure ISO 27001 control coverage for ASSET/CLASSIFICATION/OWNERSHIP with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating ASSET/CLASSIFICATION/OWNERSHIP governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for ASSET/CLASSIFICATION/OWNERSHIP.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-003 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-004 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-016 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-017 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-029 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-082 - ISO 27001 Control 082
gap | severity 2 | evidence_count 0
Ensure ISO 27001 control coverage for IDENTITY/ACCESS/MFA with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating IDENTITY/ACCESS/MFA governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for IDENTITY/ACCESS/MFA.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-004 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-005 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-017 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-Q-018 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-030 - identity access mfa controls evidence owner review register policy log
tags: identity, access, mfa | hits: 0
No direct evidence hits for this query.
ISO-083 - ISO 27001 Control 083
gap | severity 3 | evidence_count 0
Ensure ISO 27001 control coverage for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CRYPTOGRAPHY/ENCRYPTION/KEY_MANAGEMENT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-005 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-006 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-018 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-Q-019 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-031 - cryptography encryption key_management controls evidence owner review register policy log
tags: cryptography, encryption, key_management | hits: 0
No direct evidence hits for this query.
ISO-084 - ISO 27001 Control 084
gap | severity 4 | evidence_count 0
Ensure ISO 27001 control coverage for LOGGING/MONITORING/RETENTION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating LOGGING/MONITORING/RETENTION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for LOGGING/MONITORING/RETENTION.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-006 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-007 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-019 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-Q-020 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-032 - logging monitoring retention controls evidence owner review register policy log
tags: logging, monitoring, retention | hits: 0
No direct evidence hits for this query.
ISO-085 - ISO 27001 Control 085
gap | severity 5 | evidence_count 0
Ensure ISO 27001 control coverage for VULNERABILITY/OPERATIONS/HARDENING with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating VULNERABILITY/OPERATIONS/HARDENING governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for VULNERABILITY/OPERATIONS/HARDENING.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-007 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-008 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-020 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-Q-021 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-033 - vulnerability operations hardening controls evidence owner review register policy log
tags: vulnerability, operations, hardening | hits: 0
No direct evidence hits for this query.
ISO-086 - ISO 27001 Control 086
gap | severity 1 | evidence_count 0
Ensure ISO 27001 control coverage for INCIDENT/RESPONSE/COMMUNICATION with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating INCIDENT/RESPONSE/COMMUNICATION governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for INCIDENT/RESPONSE/COMMUNICATION.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-008 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-009 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-021 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-Q-022 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-034 - incident response communication controls evidence owner review register policy log
tags: incident, response, communication | hits: 0
No direct evidence hits for this query.
ISO-087 - ISO 27001 Control 087
gap | severity 2 | evidence_count 0
Ensure ISO 27001 control coverage for CONTINUITY/RECOVERY/CADENCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating CONTINUITY/RECOVERY/CADENCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for CONTINUITY/RECOVERY/CADENCE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-009 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-010 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-022 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-Q-023 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-035 - continuity recovery cadence controls evidence owner review register policy log
tags: continuity, recovery, cadence | hits: 0
No direct evidence hits for this query.
ISO-088 - ISO 27001 Control 088
gap | severity 3 | evidence_count 0
Ensure ISO 27001 control coverage for AUDIT/ASSURANCE/METRICS with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating AUDIT/ASSURANCE/METRICS governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AUDIT/ASSURANCE/METRICS.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-010 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-011 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-023 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-Q-024 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-036 - audit assurance metrics controls evidence owner review register policy log
tags: audit, assurance, metrics | hits: 0
No direct evidence hits for this query.
ISO-089 - ISO 27001 Control 089
gap | severity 4 | evidence_count 0
Ensure ISO 27001 control coverage for SUPPLIER/THIRD_PARTY/CONTRACT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating SUPPLIER/THIRD_PARTY/CONTRACT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for SUPPLIER/THIRD_PARTY/CONTRACT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-011 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-012 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-024 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-Q-025 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-037 - supplier third_party contract controls evidence owner review register policy log
tags: supplier, third_party, contract | hits: 0
No direct evidence hits for this query.
ISO-090 - ISO 27001 Control 090
gap | severity 5 | evidence_count 0
Ensure ISO 27001 control coverage for AWARENESS/TRAINING/PEOPLE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating AWARENESS/TRAINING/PEOPLE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for AWARENESS/TRAINING/PEOPLE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-012 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-013 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-025 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-Q-026 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-038 - awareness training people controls evidence owner review register policy log
tags: awareness, training, people | hits: 0
No direct evidence hits for this query.
ISO-091 - ISO 27001 Control 091
gap | severity 1 | evidence_count 0
Ensure ISO 27001 control coverage for PRIVACY/LEGAL/COMPLIANCE with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating PRIVACY/LEGAL/COMPLIANCE governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for PRIVACY/LEGAL/COMPLIANCE.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-001 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-013 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-014 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-026 - privacy legal compliance controls evidence owner review register policy log
tags: privacy, legal, compliance | hits: 0
No direct evidence hits for this query.
ISO-Q-027 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-092 - ISO 27001 Control 092
gap | severity 2 | evidence_count 0
Ensure ISO 27001 control coverage for POLICY/GOVERNANCE/REVIEW with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating POLICY/GOVERNANCE/REVIEW governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for POLICY/GOVERNANCE/REVIEW.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-001 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-002 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-014 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-Q-015 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-027 - policy governance review controls evidence owner review register policy log
tags: policy, governance, review | hits: 0
No direct evidence hits for this query.
ISO-093 - ISO 27001 Control 093
gap | severity 3 | evidence_count 0
Ensure ISO 27001 control coverage for RISK/REGISTER/TREATMENT with documented ownership and operating cadence.
Expected evidence: Policy/procedure artifact demonstrating RISK/REGISTER/TREATMENT governance and ownership.; Operational evidence (logs, reports, tickets, or records) proving control execution for RISK/REGISTER/TREATMENT.; Recent review evidence with remediation tracking where exceptions were found.
ISO-Q-002 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-003 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-015 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
ISO-Q-016 - asset classification ownership controls evidence owner review register policy log
tags: asset, classification, ownership | hits: 0
No direct evidence hits for this query.
ISO-Q-028 - risk register treatment controls evidence owner review register policy log
tags: risk, register, treatment | hits: 0
No direct evidence hits for this query.
Query Log
| query_id | query_text | tags | hits |
|---|---|---|---|
ISO-Q-001 | policy governance review controls evidence owner review register policy log | policy, governance, review | 0 |
ISO-Q-002 | risk register treatment controls evidence owner review register policy log | risk, register, treatment | 0 |
ISO-Q-003 | asset classification ownership controls evidence owner review register policy log | asset, classification, ownership | 0 |
ISO-Q-004 | identity access mfa controls evidence owner review register policy log | identity, access, mfa | 0 |
ISO-Q-005 | cryptography encryption key_management controls evidence owner review register policy log | cryptography, encryption, key_management | 0 |
ISO-Q-006 | logging monitoring retention controls evidence owner review register policy log | logging, monitoring, retention | 0 |
ISO-Q-007 | vulnerability operations hardening controls evidence owner review register policy log | vulnerability, operations, hardening | 0 |
ISO-Q-008 | incident response communication controls evidence owner review register policy log | incident, response, communication | 0 |
ISO-Q-009 | continuity recovery cadence controls evidence owner review register policy log | continuity, recovery, cadence | 0 |
ISO-Q-010 | audit assurance metrics controls evidence owner review register policy log | audit, assurance, metrics | 0 |
ISO-Q-011 | supplier third_party contract controls evidence owner review register policy log | supplier, third_party, contract | 0 |
ISO-Q-012 | awareness training people controls evidence owner review register policy log | awareness, training, people | 0 |
ISO-Q-013 | privacy legal compliance controls evidence owner review register policy log | privacy, legal, compliance | 0 |
ISO-Q-014 | policy governance review controls evidence owner review register policy log | policy, governance, review | 0 |
ISO-Q-015 | risk register treatment controls evidence owner review register policy log | risk, register, treatment | 0 |
ISO-Q-016 | asset classification ownership controls evidence owner review register policy log | asset, classification, ownership | 0 |
ISO-Q-017 | identity access mfa controls evidence owner review register policy log | identity, access, mfa | 0 |
ISO-Q-018 | cryptography encryption key_management controls evidence owner review register policy log | cryptography, encryption, key_management | 0 |
ISO-Q-019 | logging monitoring retention controls evidence owner review register policy log | logging, monitoring, retention | 0 |
ISO-Q-020 | vulnerability operations hardening controls evidence owner review register policy log | vulnerability, operations, hardening | 0 |
ISO-Q-021 | incident response communication controls evidence owner review register policy log | incident, response, communication | 0 |
ISO-Q-022 | continuity recovery cadence controls evidence owner review register policy log | continuity, recovery, cadence | 0 |
ISO-Q-023 | audit assurance metrics controls evidence owner review register policy log | audit, assurance, metrics | 0 |
ISO-Q-024 | supplier third_party contract controls evidence owner review register policy log | supplier, third_party, contract | 0 |
ISO-Q-025 | awareness training people controls evidence owner review register policy log | awareness, training, people | 0 |
ISO-Q-026 | privacy legal compliance controls evidence owner review register policy log | privacy, legal, compliance | 0 |
ISO-Q-027 | policy governance review controls evidence owner review register policy log | policy, governance, review | 0 |
ISO-Q-028 | risk register treatment controls evidence owner review register policy log | risk, register, treatment | 0 |
ISO-Q-029 | asset classification ownership controls evidence owner review register policy log | asset, classification, ownership | 0 |
ISO-Q-030 | identity access mfa controls evidence owner review register policy log | identity, access, mfa | 0 |
ISO-Q-031 | cryptography encryption key_management controls evidence owner review register policy log | cryptography, encryption, key_management | 0 |
ISO-Q-032 | logging monitoring retention controls evidence owner review register policy log | logging, monitoring, retention | 0 |
ISO-Q-033 | vulnerability operations hardening controls evidence owner review register policy log | vulnerability, operations, hardening | 0 |
ISO-Q-034 | incident response communication controls evidence owner review register policy log | incident, response, communication | 0 |
ISO-Q-035 | continuity recovery cadence controls evidence owner review register policy log | continuity, recovery, cadence | 0 |
ISO-Q-036 | audit assurance metrics controls evidence owner review register policy log | audit, assurance, metrics | 0 |
ISO-Q-037 | supplier third_party contract controls evidence owner review register policy log | supplier, third_party, contract | 0 |
ISO-Q-038 | awareness training people controls evidence owner review register policy log | awareness, training, people | 0 |
ISO-Q-039 | privacy legal compliance controls evidence owner review register policy log | privacy, legal, compliance | 0 |
ISO-Q-040 | policy governance review controls evidence owner review register policy log | policy, governance, review | 0 |
ISO-Q-041 | risk register treatment controls evidence owner review register policy log | risk, register, treatment | 0 |
ISO-Q-042 | asset classification ownership controls evidence owner review register policy log | asset, classification, ownership | 0 |
ISO-Q-043 | identity access mfa controls evidence owner review register policy log | identity, access, mfa | 0 |
ISO-Q-044 | cryptography encryption key_management controls evidence owner review register policy log | cryptography, encryption, key_management | 0 |
ISO-Q-045 | logging monitoring retention controls evidence owner review register policy log | logging, monitoring, retention | 0 |
ISO-Q-046 | vulnerability operations hardening controls evidence owner review register policy log | vulnerability, operations, hardening | 0 |
ISO-Q-047 | incident response communication controls evidence owner review register policy log | incident, response, communication | 0 |
ISO-Q-048 | continuity recovery cadence controls evidence owner review register policy log | continuity, recovery, cadence | 0 |
ISO-Q-049 | audit assurance metrics controls evidence owner review register policy log | audit, assurance, metrics | 0 |
ISO-Q-050 | supplier third_party contract controls evidence owner review register policy log | supplier, third_party, contract | 0 |