Unified Compliance Readiness Scorecard
GDPR (10 Questions)
1. Do you maintain an up-to-date RoPA (Records of Processing Activities)? Yes / Partially / No
2. Have you conducted DPIAs where required in the last 12 months? Yes / Partially / No
3. Do you have a clear, documented legal basis for all data processing activities? Yes / Partially / No
4. Are data subject rights (DSARs, deletion, access) handled within statutory timeframes? Yes / Partially / No
5. Is your privacy notice GDPR-compliant and accessible? Yes / Partially / No
6. Do you maintain valid processor agreements (Article 28) with all third-party vendors? Yes / Partially / No
7. Are cross-border transfers compliant with UK/EU SCCs or equivalents? Yes / Partially / No
8. Have you appointed a DPO or fulfilled Article 37 exemptions? Yes / Partially / No
9. Do staff receive annual GDPR and privacy training? Yes / Partially / No
10. Have you tested your breach notification process? Yes / Partially / No
GDPR Score
ISO 27001 (10 Questions)
1. Do you maintain a documented and regularly updated risk register? Yes / Partially / No
2. Is your Statement of Applicability (SoA) complete and aligned with implemented controls? Yes / Partially / No
3. Do you have documented security policies reviewed annually? Yes / Partially / No
4. Have you conducted an internal audit within the past year? Yes / Partially / No
5. Is management review conducted and documented? Yes / Partially / No
6. Do you perform regular access reviews (user privileges, role changes)? Yes / Partially / No
7. Are backup and restoration procedures tested at least annually? Yes / Partially / No
8. Are mobile devices and remote access governed by policy? Yes / Partially / No
9. Do you assess information security risks during supplier onboarding? Yes / Partially / No
10. Is corrective action tracked and logged for all nonconformities? Yes / Partially / No
ISO 27001 Score
DORA (5 Questions)
1. Do you have a tested incident response plan aligned with DORA timelines? Yes / Partially / No
2. Are critical ICT third-party providers identified and governed by contracts? Yes / Partially / No
3. Have you completed threat-led penetration testing (TLPT) or equivalent? Yes / Partially / No
4. Do you report significant ICT-related incidents to the relevant authority? Yes / Partially / No
5. Are operational resilience roles/responsibilities clearly assigned? Yes / Partially / No
DORA Score
NIS2 (5 Questions)
1. Have you performed a NIS2 gap assessment for your sector classification? Yes / Partially / No
2. Do you have a cyber risk management plan aligned to NIS2’s minimum measures? Yes / Partially / No
3. Are security incident procedures tested and documented? Yes / Partially / No
4. Do you monitor third-party and supply chain vulnerabilities? Yes / Partially / No
5. Are you prepared to comply with reporting timelines (24 hours initial, 72 hours full)? Yes / Partially / No
NIS2 Score
ISO/IEC 42001 – AI Governance (5 Questions)
1. Have you identified all AI/automated decision-making systems used in your organisation? Yes / Partially / No
2. Have risks associated with those systems been assessed and documented? Yes / Partially / No
3. Is there an AI-specific policy that governs fairness, transparency, and explainability? Yes / Partially / No
4. Do you conduct AI impact assessments (AIIAs) for high-risk systems? Yes / Partially / No
5. Are AI stakeholders trained on ethical, legal, and operational risks? Yes / Partially / No
ISO/IEC 42001 – AI Governance Score
Name
First Name
Last Name
Company Name
Work Email
Phone Number
I consent to follow-up emails about compliance insights and offers.
Total Score