Client Name
First Name
Last Name
Motivation for undertaking the project:
Client requirement (existing or prospective)
Legal/Regulatory - required in order to operate in the space
To expand my business (for example, product security)
To improve information security in the business
Other:
Is there a documented project mandate from executive management / the board of directors to pursue ISO 27001:2022 certification?
Yes
No
In progress currently
Other:
Capacity planning for ISO 27001:2022 implementation
We have technical resources (staff, project members) already in place ready to implement
We have non-technical resources (e.g. HR, legal, operations) already in place ready to support
There is a set budget for implementing this project that will run for up to 12 months
We do not know the current capacity yet
Other:
What processes and setup do you currently have for a management system?
An information management system is in place but is not ISO 27001 certified
Some processes or documentation are in place that can be used for the ISMS
Little to no processes or documentation in place
We have a compliant management system, seeking ISO 27001:2022 upgrade
Other:
If you have an information management system in place, what is its status?
Some procedures, processes and checklists are written, but there is no version control and they might be out of date
We have procedures, processes and checklists written; these are in daily use and kept up to date
Ad hoc documents are written and updated for internal use; client-facing documents are prioritised
We have a compliant management system, seeking ISO 27001:2022 upgrade
Other:
How flexible is your company in adopting new processes, procedures, policies and standards? Please answer this for the entire company, not just the project team.
Multiple Stakeholders - changes and new ventures require additional buy-in and negotiations
Agile - changes are readily moved into the queue for review and acceptance, and open to feedback
Lean out (very flexible) - Just tell us what to do and we will do it (within our budget for purchases)
Other:
Do you have a data protection management programme?
Yes and it is integrated with our current processes/system in place
Yes but mainly used by legal teams
No but we keep track of data protection requirements in some way
None
Other:
Do you have a dedicated person or team for any of the following roles/responsibilities?
DPO (Data Protection Officer) - the person who reviews DPAs, manages the data protection programme and acts as the privacy contact
ISO (Information Security Officer) - the person who will end up managing the information security management system
Shared responsibility between employees
DPO is outsourced
ISO is outsourced or MSSP is used
Other:
What is your current IT team setup?
In-house dedicated employees
Contractors or vendors with an SLA, NDA and job/task/scope description
Contractors or vendors with an NDA and a simple or generic job/task description
MSSP
Mix of employees and outsourced
Other:
By filling in this form, you agree to be contacted by an authorised representative of Superuser to follow up on the questionnaire. Your questionnaire answers will be used only as part of the internal client onboarding and matching process and will not be shared with other parties, such as auditing bodies.
I Agree
Thank you for putting your trust in Superuser OÜ and sharing with us some insights into your information security management system. This information will be used to compile a custom gap analysis report.
We understand that some things may have changed or that you may have missed some information. Don't worry. Should there be updates after the form submission, please contact your Account Manager / vCISO.
Please note that this analysis does not replace an internal audit programme.