Free tool

How compliant are you, really?

Ten questions across the areas an auditor examines. Get an indicative readiness score and the gaps to close first.

1. Access control & reviews

How do you manage who has access to systems and data?

2. Asset inventory

Do you maintain an inventory of systems, devices and data stores?

3. Risk assessment

Do you run a documented risk assessment?

4. Change management

How are changes to production reviewed and approved?

5. Logging & monitoring

Do you collect logs and monitor for suspicious activity?

6. Incident response

Do you have an incident response plan — and have you tested it?

7. Vendor & third-party reviews

Do you assess the security of vendors who handle your data?

8. Backups & recovery testing

Do you back up critical data and test that restores work?

9. Security policies & training

Do you have approved security policies and run awareness training?

10. Evidence collection

Could you produce evidence today that your controls actually run?


Compliance readiness quiz — common questions

Is this a real audit?

No. It is an indicative self-assessment based on ten questions, meant to show you roughly where you stand and where the gaps are. A real audit examines evidence against a specific framework and is carried out by a qualified assessor. Use this to orient yourself, not to claim a result.

What's a good score?

Anything in the audit-ready band (71% and up) suggests your core controls exist and you can show they run, though a formal gap assessment is still worth doing before a certification audit. A developing score (41–70%) usually means the controls are there but uneven or under-documented. Below 41% points to foundational work first.

We scored low — where do we start?

Start with the gap areas this quiz flags, since those are your lowest-scored controls. In practice the highest-leverage early moves are usually an asset inventory, access reviews, and a way to collect evidence — because almost every other control depends on them. From there, a structured gap assessment against your target framework sequences the rest.

Does the score map to ISO 27001 or SOC 2?

The questions cover areas both frameworks examine — access control, risk, logging, incident response, vendor management, backups, policies and evidence — so the score is a reasonable indicator for either. It is not a control-by-control mapping. Which framework you actually need depends on your customers and the data you handle.

Want a real gap assessment?

A structured review against your target framework, with evidence.

Free Assessment

No obligation, no sales pitch

Custom Roadmap

Tailored to your organization

Expert Guidance

500+ successful audits
