FDM ISO 27001 workspace. External audit in 16 days.
Audit in 16 days
✓Audit Readiness
82%
Improving vs last 30 days
△Open Gaps
23
↓ 4 vs last 30 days
▣Policies Due for Review
5
Next: Access Control Policy
□Evidence Issues
12
↑ 3 vs last 30 days
Governance Relationship Map New
Explore how your governance assets connect.
Policies28
Risks34
Controls93
Evidence156
Actions47
ISO 27002114 Controls
Information Security
Last updated: Today, 09:41
Merlin AI Adviser BETA
Top recommendations for you
!
Missing access review evidence12 user access reviews are overdue evidence.
▣
Upcoming management reviewYour Q2 management review is due in 11 days.
?
Policy review suggested5 policies haven't been reviewed in 12+ months.
Ask Merlin a question...
Address 3 high-priority gaps to improve readiness.
Governance Calendar
MAY15
Q2 Management Review
Review
MAY28
ISO 27001 Internal Audit
Audit
JUN10
Risk Assessment Update
Assessment
JUN20
Policy Review: Access Control
Review
Policy Coverage
Coverage by ISO 27002 domain
5. Organisational Controls92%
6. People Controls88%
7. Physical Controls76%
8. Technological Controls81%
Overall coverage84%
Top Risks
R1
Unmanaged AccessHigh
R2
Phishing & Social Eng.High
R3
Data LossMedium
R4
Third-Party RiskMedium
R5
Insider ThreatLow
Recent Activity
✓
Evidence uploaded Access Review Q1 2025.pdf2h ago
i
Policy updated Data Classification Policy4h ago
!
Risk status changed Third-Party Risk → In progress6h ago
○
Control tested AC-2: Account Management1d ago
✓
Action completed Review vendor due diligence1d ago
Workspace › Risks › RSK-H Supplier Assurance
Risk Object Profile
Built from imported risk data — now checking clause, control and policy linkage quality.
RSK-H · Supplier assurance confidence
Suppliers may fail to provide the ongoing level of information security confidence shown during initial selection, or may change their services, controls or subcontracting position without enough assurance review.
Reference: HOwner: Muji AliCompletion: 33%Review: overdue by 3 days
Risk position24Impact: Severe Likelihood: HighOverdue
Linked clauses0
Linked controls2
Linked policies1
Suggested links8
Governance chain
This turns the risk register entry into a working assurance chain.
RiskRSK-H Supplier confidence
Supplier assurance may deteriorate after onboarding.
Clause6.1.3 Risk treatment
No clause linked yet. Suggested by Alligator.
ControlA.5.19 Supplier relationships
Define supplier security requirements.
PolicySupplier Security Policy
Current linked policy. May need expansion.
EvidenceSupplier review pack
Questionnaires, contracts and assurance records.
Clause and control linkage
Alligator checks whether the risk is properly linked.
No clauses linked so far — you need to link these. Suggested: 6.1.2 Risk assessment, 6.1.3 Risk treatment, 8.1 Operation, 9.1 Monitoring
You have some controls linked, but you should consider linking these too. Suggested controls: A.5.20, A.5.21, A.5.22, A.5.23.