Your Complete Path to ISO 27001 Certification
A structured 90-day plan that takes startups and fast-growing teams from zero to audit-ready. Follow the Plan-Do-Check-Act approach aligned with ISO 27001:2022 framework.
✨ Built by Smartly — the platform that automates 70% of this roadmap.
Get Your Free Roadmap
By submitting, I agree to Smartly's Privacy Policy
Your 90-Day Journey to Certification
A proven timeline that breaks down ISO 27001 certification into manageable phases, each with clear objectives and deliverables.
Foundation & Scoping
Weeks 1-4
- Appoint ISO 27001 team
- Define ISMS scope
- Build ISMS framework
- Create asset inventory
- Plan risk methodology
Implementation & Control
Weeks 5-8
- Conduct risk assessment
- Prepare risk treatment plan
- Complete Statement of Applicability
- Implement policies & controls
- Train employees
Audit Readiness
Weeks 9-12
- Conduct internal audit
- Hold management review
- Prepare evidence repository
- Complete Stage 1 & 2 audits
- Address nonconformities
Built for Startups & Fast-Growing Teams
We understand that achieving ISO 27001 certification can be overwhelming, especially for smaller teams. This roadmap gives you a clear, actionable plan to reach audit-ready status in just 90 days.
Step-by-step guidance for each phase
Clear ownership and evidence requirements
Aligned with ISO 27001:2022 framework
Includes all 18 critical action items
Summary Checklist
Key outputs and their review frequencies
| Category | Key Output | Frequency |
|---|---|---|
| ISMS Team | Roles and charter | One-time, review annually |
| Scope Definition | ISMS Scope Statement | Annual review |
| Risk Management | Risk Register & Treatment Plan | Quarterly update |
| SoA | Approved Statement of Applicability | Annual update |
| Policies & Procedures | Documented ISMS Framework | Review annually |
| Training | Records of Employee Training | Biannual |
| Internal Audit | Internal Audit Report | Annual |
| Management Review | Minutes & Action Plan | Annual |
| External Audit | Stage 1 & 2 Audit Reports | Every 3 years |
| Improvement | Corrective Action Log | Continuous |
Smartly Accelerates Your Journey
Smartly reduces manual compliance work by automating evidence collection, task tracking, and control validation.
Automated Evidence
Connect AWS, Google Workspace, GitHub, and Jira to continuously monitor readiness
Built-in Templates
Use policy templates and dashboards to manage your ISMS lifecycle with less overhead
70% Automation
Save time and reduce errors by automating the majority of compliance tasks
Frequently Asked Questions
Everything you need to know about the 90-day roadmap
Can we really achieve ISO 27001 certification in 90 days?
Yes! This roadmap is designed for startups and SMEs with focused scope. If you dedicate the right resources and follow the timeline, you can be audit-ready in 90 days. Larger organizations or complex scopes may need more time.
What resources do we need to complete this roadmap?
You'll need an Information Security Manager or project lead, plus representatives from engineering, IT, HR, and operations. Expect 10-20 hours per week from the lead and 2-5 hours per week from other team members.
Is this roadmap aligned with ISO 27001:2022?
Absolutely. The roadmap follows the Plan-Do-Check-Act approach and covers all requirements of ISO 27001:2022, including all 93 Annex A controls and clauses 4-10.
How does Smartly help accelerate the process?
Smartly automates evidence collection by integrating with your existing tools (AWS, Google Workspace, GitHub, Jira). It provides built-in policy templates, task tracking, and dashboards that reduce manual work by up to 70%.
What happens after we complete the 90-day roadmap?
After completing the roadmap, you'll be ready for external certification audit. Once certified, you'll need annual surveillance audits and full recertification every three years. The roadmap includes guidance for ongoing compliance.
Start Your 90-Day Journey Today
Download the complete roadmap checklist and get started on your path to ISO 27001 certification.
By submitting, I agree to Smartly's Privacy Policy