Back to Docs
Recipe

Recipe: ISO 27001 prep checklist

A practical walkthrough to align your Meridian deployment with ISO 27001 Annex A controls before your Stage 1 audit.

A.5 — Information security policies

  • Document your Meridian access control policy in the dashboard Policy tab.
  • Export the auto-generated policy PDF and attach it to your ISMS manual.
  • Set a quarterly review reminder — Meridian will flag stale policies.

A.8 — Asset management

  • Run the asset discovery scan from the Inventory page.
  • Tag every asset with an owner and classification level.
  • Enable the “unowned asset” alert to catch orphaned endpoints.

A.9 — Access control

  • Enforce MFA for all Meridian users via the Auth settings panel.
  • Review the privilege audit report — revoke any standing admin access not tied to a named account.
  • Enable just-in-time elevation for break-glass scenarios.

A.12 — Operations security

  • Confirm that Meridian's change log is shipping to your SIEM.
  • Schedule a weekly vulnerability scan from the Compliance hub.
  • Enable capacity monitoring alerts to satisfy capacity management requirements.

A.16 — Incident management

  • Define your incident severity matrix inside Meridian's Incident Response module.
  • Run a tabletop exercise and log the timeline directly in the platform.
  • Verify that the post-incident review template auto-populates from event data.

Pro tip: Use the Meridian audit-readiness score on the dashboard home screen as a daily pulse check. Aim for 85+ before your auditor walks in.

← SOC 2 recipeHIPAA recipe →