A comprehensive information security management system (as defined by the requirements contained in ISO 27001) details the steps required for the effective management of information security (and cyber security) risks.
An ISO 27001 gap analysis is a sensible starting point for assessing the gaps in your information security regime.
Even if you aren’t considering certification to ISO 27001, an in-person gap analysis against the requirements of a leading information security standard offers the following benefits:
- A high-level review of the efficacy of your policies, procedures, processes and controls
- Interviews with key managers
- Assistance defining the scope of a proposed information security management system (ISMS)
- A detailed compliance status report against the clauses and controls described in ISO 27001
Description
Our ISO 27001 Gap Analysis will provide you with an informed assessment of:
- Your compliance gaps against ISO 27001
- The proposed scope of your information security management system (ISMS)
- Your internal resource requirements; and
- The potential timeline to achieve certification readiness.
What to expect:
An ISO 27001 specialist will interview key managers and perform an analysis of your existing information security arrangements and documentation.
Following this, you will receive a gap analysis report collating the findings of these investigations. The report will detail areas of compliance and areas requiring improvement, and provide further recommendations for the proposed ISO 27001 compliance project.
The report includes:
- The overall state and maturity of your information security arrangements
- The specific gaps between these arrangements and the requirements of ISO 27001
- Options for the scope of an ISMS, and how they help to meet your business and strategic objectives
- An outline action plan and indications of the level of internal management effort required to implement an ISO 27001 ISMS; and
- A compliance status report (red/amber/green) against the management system clauses (clause-by-clause), as well as the information security controls (control-by-control) described in ISO 27001:2013.
Please contact us for further information or to speak to an infosec expert.