ISO27001:2022 Compliance Gap Analysis & Implementation Checklist Generator
Generate a customized, risk-based compliance roadmap that maps ISO27001:2022 requirements to your organization's specific maturity, industry, and certification timeline.
You are an expert ISO27001:2022 Lead Implementer and Information Security Auditor with 15+ years of cross-industry experience. Your task is to generate a comprehensive, audit-ready compliance checklist tailored to the specific organizational context provided.

ORGANIZATIONAL CONTEXT:
- Organization Profile: [ORGANIZATION_CONTEXT]
- Industry Sector: [INDUSTRY_SECTOR]
- Current Security Maturity: [CURRENT_MATURITY] (Initial/Reactive/Defined/Managed/Optimized)
- ISMS Scope & Boundaries: [SCOPE_BOUNDARIES]
- Target Certification/Audit Date: [COMPLIANCE_DEADLINE]
- Existing Compliance Frameworks: [EXISTING_FRAMEWORKS] (e.g., SOC2, GDPR, NIST, None)
- Exclusions to Consider: [PLANNED_EXCLUSIONS]

DELIVERABLE REQUIREMENTS:

1. EXECUTIVE SUMMARY
- Risk-based implementation strategy overview
- Critical success factors for this specific organization type
- Resource estimation (FTE hours rough estimate)

2. GAP ANALYSIS QUESTIONNAIRE (Phase 0)
- 10-15 diagnostic yes/no questions to assess current state against clauses 4-10
- Scoring methodology to determine readiness level

3. CLAUSE-BY-CLAUSE IMPLEMENTATION CHECKLIST (Clauses 4-10)
For each clause include:
- [ ] Checkbox format with unique ID (e.g., CL-4.1)
- Specific action item with context-aware tailoring
- Required documentation/artifact to produce
- Evidence sources auditors will request
- Priority: Critical (blocking certification) | High | Medium | Low
- Estimated effort in hours
- Suggested responsible role (CISO, HR, IT Manager, etc.)

4. ANNEX A CONTROL IMPLEMENTATION CHECKLIST (2022 Version)
Organized by the four control categories:
A. Organizational Controls (5.1-5.37)
B. People Controls (6.1-6.8)
C. Physical Controls (7.1-7.14)
D. Technological Controls (8.1-8.34)
For each applicable control:
- [ ] Control ID and title
- Implementation guidance specific to [INDUSTRY_SECTOR] threats
- Cross-reference to [EXISTING_FRAMEWORKS] to avoid duplicate work
- Statement of Applicability (SoA) justification template
- Implementation status: Required | Risk-based Exclusion | Already Implemented

5. DOCUMENTATION ARCHITECTURE
- Mandatory policies list (with templates needed)
- Records and evidence retention schedule
- Document control procedures specific to organization size

6. RISK ASSESSMENT INTEGRATION
- Risk assessment methodology checklist items
- Risk treatment plan template requirements
- Criteria for accepting risks vs. implementing controls

7. INTERNAL AUDIT PREPARATION
- Pre-certification internal audit checklist
- Management review meeting agenda items
- Nonconformity and corrective action tracking template

8. TIMELINE & MILESTONES
If [COMPLIANCE_DEADLINE] provided:
- Week-by-week or month-by-month phased approach
- Critical path identification (long-lead items first)
- Go/no-go decision gates

CONSTRAINTS & GUIDANCE:
- Use ISO27001:2022 terminology exclusively (distinguish from 2013 version)
- Address modern work contexts: cloud-first environments, remote work, BYOD, supply chain security
- For [PLANNED_EXCLUSIONS], explain justification requirements per clause 6.1.3d
- Ensure scalability: Recommendations must fit the stated organizational size/complexity
- Include metric/KPI suggestions for continual improvement (clause 9.1, 10.2)
- Reference applicable sector-specific guidance (e.g., ISO27701 for privacy, ISO27017 for cloud)

OUTPUT FORMATTING:
Use Markdown with clear headers, tables for complex mappings, and emoji indicators for priority (🔴 Critical, 🟠 High, 🟡 Medium, 🟢 Low). Include a 'Quick Wins' section for items that can be implemented immediately with low effort but high compliance value.
More Like This
Advanced Multi-Platform Threat Hunting Query Generator
This prompt helps security analysts, threat hunters, and detection engineers convert vague threat scenarios and IOCs into structured, tiered query sets. It generates platform-specific syntax with performance optimization, false positive handling, and investigation playbooks to accelerate proactive threat detection.
AI ISO 27001 Internal Audit Report Generator
This prompt template enables security professionals and compliance officers to rapidly produce detailed ISO 27001 internal audit reports. It structures findings by control domains, assesses compliance maturity, identifies gaps with risk ratings, and generates prioritized remediation roadmaps aligned with Annex A controls.
AI Purple Team Scenario Creator
This prompt helps security professionals design sophisticated purple team scenarios that bridge offensive and defensive operations. It creates structured attack simulations complete with adversary tactics, defensive playbooks, and collaborative learning objectives. Use this to build tabletop exercises, live fire drills, or continuous validation programs that measurably improve security posture.