01 Compliance overview

Your entire ISO 27001 posture at a glance.

The compliance dashboard shows all 93 Annex A controls grouped by domain. Each control carries a completion score derived directly from your uploaded documentation — not self-assessment, not manual scoring.

Compliance overview · Annex A58 / 93
A.5 Organisational A.6 People A.8 Technology
A.5.1 Information security policies Met
A.5.9 Inventory of information assets Partial
A.5.12 Classification of information Partial
A.5.23 Information security for cloud services Missing
A.5.30 ICT readiness for business continuity Not assessed
02 Document ingestion

Upload once. Aileth does the routing.

Drop in your policies, procedures, and evidence documents. Aileth automatically identifies the document type and maps it to the relevant ISO 27001 controls. No manual tagging required — though you can always override.

Documents · 12 filesProcessing 9 / 12…
9 indexed3 remaining
01_Information_Security_Policy_v3.pdf Policy ✓ Indexed
05_Data_Classification_Handling_v1.2.md Procedure ✓ Indexed
IT_Access_Management_v2.1.docx Procedure ⟳ Processing…
Supplier_NDA_Template_2024.pdf NDA Queued
03 Gap analysis

Criterion-level verdicts, not checkbox summaries.

Every ISO 27001 control is broken into its individual acceptance criteria. Aileth assesses each criterion independently against your documentation, returning a PRESENT, PARTIAL, or MISSING verdict with an explanation and the exact passages it found — or failed to find.

A.5.12
Classification of information
72%
A classification scheme with defined sensitivity levels is documented. Present
Evidence "Data is classified as Public, Internal, Confidential, or Restricted based on…"
Classification criteria are applied consistently across all information assets. Partial
Evidence "All new documents must be classified at creation…"
Handling rules per classification level are defined and communicated. Missing
Gap No handling or transfer rules found per classification level.
04 Reporting

A report you can hand to your auditor.

Generate a structured compliance report with a complete breakdown of all controls, their status, the supporting evidence found, and a prioritised list of gaps to address. Suitable for internal review and as a pre-audit artefact.

ISO 27001:2022 Gap Analysis Report6 May 2026
58 Controls met
21 Partial
14 Missing
A.5.23 No cloud security policy found. Required for SaaS and IaaS services in scope.
A.8.9 Configuration management procedure references a tool but contains no baseline standards.
A.5.12 Handling rules per classification level are defined but not communicated to staff.
↓ Export PDF

Ready to see your gaps?

Request early access and run your first gap analysis within the hour.

Request early access