
This is a sample report

This report demonstrates the full format and content of the EvaluationCat information security assessment system.

ISO 27001/27002 Information Security Assessment Report

Example Tech Co., Ltd.

Report Date: December 6, 2024
Report No.: IG-2024-12-001
Industry: FinTech
Standard: ISO/IEC 27001:2022
Total Score: 48

Security Status Rating: Average

Executive Summary
Comprehensive assessment based on 93 ISO 27001/27002 controls

Your organization has a solid foundation in Asset Identification, Backup & Access Management, but has higher risks in Privileged Account Management, Continuous Monitoring & Cloud Configuration.

Priority Recommendations: It is recommended to complete privileged account review and MFA coverage within 30 days, and deploy SIEM or cloud posture monitoring within 90 days to reduce medium-term risks.

Compliant: 31 | Partially Implemented: 27 | Not Implemented: 35 | Compliance Rate: 33%

Control Implementation Statistics
Detailed implementation analysis of the four control domains
Domain | Total | Compliant | Partially | Missing | Rate
Organizational Controls | 37 | 12 | 10 | 15 | 46%
People Controls | 8 | 5 | 1 | 2 | 69%
Physical Controls | 14 | 4 | 8 | 2 | 57%
Technological Controls | 34 | 10 | 8 | 16 | 41%
Domain Score Details
Scores by ISO 27001/27002 control domains
Organizational Controls (37 controls): 46 / 100, Average. Compliant: 12 | Partial: 10 | Missing: 15
People Controls (8 controls): 69 / 100, Good. Compliant: 5 | Partial: 1 | Missing: 2
Physical Controls (14 controls): 57 / 100, Average. Compliant: 4 | Partial: 8 | Missing: 2
Technological Controls (34 controls): 41 / 100, Average. Compliant: 10 | Partial: 8 | Missing: 16
Security Posture Radar
Your organization's scores across four domains vs. industry average

Domain Score Comparison

Comparison of your organization's scores in four domains against industry averages.

Domain | Your Score | Industry Avg | Diff
Organizational Controls | 46 | 60 | -14
People Controls | 69 | 65 | +4
Physical Controls | 57 | 55 | +2
Technological Controls | 41 | 50 | -9

Average score across the four domains is 53, while the industry average is 58.

Key Findings & Recommendations
Overall insights based on the four control domains radar chart

Key Findings

  • Based on the analysis of four control domains, your organization performs best in People Controls.
  • There is room for improvement in Technological Controls, with scores significantly lower than other domains.
  • The overall average score for the four control domains is 53, compared to the industry average of 58.
  • Some control domain scores are still lower than the industry average and require further attention and improvement.

Recommendations

  • For Technological Controls, it is recommended to further strengthen relevant security policies, processes, and technical controls.
  • Conduct regular security control assessments to track improvement progress in each domain and ensure overall balanced development.
  • Reference industry best practices and establish benchmarks in better-performing domains to drive improvements in other areas.
  • Continuously strengthen security training to improve overall security awareness, with special attention to policy enforcement and behavioral norms related to People Controls.
Compliance Heatmap
Overview of the execution status of the 93 control items

Distribution of Control Execution Status

[Heatmap of 93 control items, numbered #1 to #93, with sample IDs 5.1.1 through 5.5.1 and placeholder names "Sample Control Item 1" to "Sample Control Item 93". Items #1-#31 (IDs 5.1.1-5.2.8) are Compliant, items #32-#58 (IDs 5.2.9-5.3.12) are Partially Implemented, and items #59-#93 (IDs 5.3.13-5.5.1) are Not Implemented.]
Compliant (31)
Partially Implemented (27)
Not Implemented (35)
Not Applicable (0)
Top Performing Areas
Your organization excels in the following areas

People Controls (A.6)

Excellent performance in personnel screening and background checks, with employee security awareness training coverage exceeding 90%

Physical Management of Office Equipment

Comprehensive physical access control measures, standardized equipment entry/exit management, and adequate surveillance coverage in office areas

Information Security Policy Documentation

Established a complete information security management system documentation, with regular reviews and updates

Critical Gap Alerts
Immediate attention required for the following high-risk items
High Risk

A.8.10 Information Deletion

Lack of encryption measures may lead to leakage of sensitive customer data and exposure to high fines under data security laws

High Risk

A.8.8 Privileged Access Management

Without privileged account management, the organization is exposed to internal privilege abuse and data tampering

Medium Risk

A.8.16 Monitoring Activities

Lack of a SIEM or log monitoring system makes it difficult to detect anomalous behavior and security incidents in a timely manner

Industry Comparison & Trends
Understand your security standing within the industry
Industry Percentile Ranking: 25%

In the FinTech industry, your security score exceeds 25% of assessed companies.

Potential Loss Estimation

Based on currently missing high-risk controls, your organization may face the following in case of a data security incident:

  • Legal Litigation Costs: $70k - $300k
  • Business Interruption Loss: Daily average $15k - $70k
  • Brand PR Remediation: $150k - $700k
  • Regulatory Fine Risk: Up to 5% of annual revenue
Action Recommendations & Remediation Roadmap
Phased remediation plan based on risk priority

Priority Matrix

Priority 1: High Risk + Low Cost

  • Fix Password Policy (1-2 weeks)
  • Deploy MFA (2-3 weeks)
  • Review Privileged Accounts (3-4 weeks)

Priority 2: Long-term Compliance

  • Deploy SIEM (2-3 months)
  • ISO 27001 Certification (6-12 months)
  • Refine Disaster Recovery Plan (3-6 months)

Remediation Timeline

Within 30 Days: Emergency Fix Phase. Complete privileged account review & MFA coverage.

Within 90 Days: Medium-term Risk Reduction. Deploy SIEM or Cloud Posture Monitoring.

Within 12 Months: Long-term Compliance Phase. Complete ISO 27001 Certification Prep.

Control Details
View detailed control assessment results
Pro Exclusive Content

Unlock Full AI Remediation Plan

Get specific technical implementation roadmaps and expert selection advice for each issue

A.8.8 Privileged Access Management - Detailed Remediation Plan
Technical Implementation Plan
  1. Deploy Privileged Access Management (PAM)
  2. Implement Least Privilege Principle
  3. Configure Audit Logs & Session Recording
Recommended Product Comparison
Product | Price | Use Case
BeyondTrust | $10-20/user/month | Large Enterprise

Pro Report Includes

  • ✓ 1-on-1 AI Improvement Plan for Each Issue
  • ✓ Specific Technical Product Models & Vendor Comparison
  • ✓ Full Set of Management Policy Templates Download
  • ✓ Budget Estimation & Implementation Timeline
Limited Time Offer: $49 (regular price $149)

30-Day Money-Back Guarantee | Corporate Invoicing Supported

Start Your Exclusive Security Assessment

Assess your enterprise information security status comprehensively with 93 controls based on the latest ISO 27001/27002 standards
Get detailed scoring reports and professional remediation advice to improve your information security management level

Free version includes full assessment & basic report | Pro version ($49) includes AI remediation advice