ISO 27001 is audited on evidence, not on intentions. A measure that is "in place" but undocumented is what an auditor records as a nonconformity. Answer according to what you could produce: written policies, registers, minutes, audit and test reports.
Certification is decided on the management system, not on tools. Most failures come from the same places: an undefined scope, a Statement of Applicability that cannot be defended, no internal audit, and no management review. This self-assessment follows that logic.
Get your analysis
Enter your professional details to complete your self-assessment. Our team can then send you a personalised analysis of your situation.