ISO 27001 Compliance Checklist Template

Insert company logo


Enter the scope

Opening meeting

List of attendees of opening meeting and their roles

Are there any Health & Safety issues that might affect the conduct of the audit?

Overview of the company

Review of previous audit findings

Describe the findings and indicate if they have been addressed and in what way

Key themes

Identify key themes


ISMS Policy

Does the ISMS policy include a framework for setting objectives?

Does the ISMS policy take into account legal and regulatory requirements?

Does the ISMS policy establish criteria against which risk will be evaluated?

Has the ISMS policy been approved by management?

Record the date the ISMS policy was last updated

Risk Assessments

Has the risk assessment methodology been defined?

Describe how risks are identified, analysed, evaluated and treated

Record the date the Risk Assessment was last updated

Statement of Applicability

Have control objectives and controls been defined, selected and implemented, or has the justification for their exclusion been documented?

Record the date the SoA was last updated

Operating the ISMS

How is the effectiveness of controls measured to ensure consistent and reproducible results?

Is there a log of actions and events which impact upon the effectiveness of the ISMS? Give examples of records seen.

Is there evidence of any improvements to the ISMS?

Is there a documented Control of Documents procedure?

Is there a Control of Records procedure? Are records protected and controlled? Have the controls required to identify, store, protect, retrieve, retain and dispose of records been documented?


Is there evidence that sufficient resources have been provided to adequately monitor, review, maintain and improve the ISMS?

Is there a training and awareness programme? Give examples of records seen to demonstrate this.

How is the effectiveness of any training given evaluated?


Have Internal ISMS audits been conducted and is there evidence that they have been planned?

Give dates and examples of audits conducted


Have management reviews of the ISMS been conducted and recorded?

Give details of the inputs and outputs

Give the date of the latest management review


Are there any records of non-conformities? If yes how have these been addressed and what evidence was seen?

Is there any evidence of preventive action taken to identify potential non-conformities, and of evaluation of the need for action? Give examples.

Closing meeting

List of attendees of closing meeting and their roles

Major non-conformances

List any MAJOR non-conformances

I regret to inform you that on this occasion I am unable to recommend your certification.

Minor non-Conformances

List all MINOR non-conformances

Observations and opportunities for improvement

List any observations or opportunities for improvement

I am pleased to be able to tell you that you have met the requirements of the standard and I will therefore be recommending your certification.

Sign off the audit
