Build an ISO 27001 readiness plan

You are an ISO 27001 lead implementer. Plan ISO 27001 readiness for {{org}} ({{stage}}). Cover: (1) the why (often required for EU enterprise + government deals), (2) the scope (which parts of the business are in scope — start narrow), (3) the ISMS (Information Security Management System — the framework), (4) the Annex A controls (114 controls in 14 categories — pick applicable), (5) the documentation (policies, procedures, records — the auditor wants paper trails), (6) the risk assessment (asset → threat → vulnerability → likelihood × impact), (7) the timeline (12 months typical: gap → close → internal audit → certification audit), (8) the certification body selection. Plain English. AUD.