What Is an ISO 27001 Gap Analysis?
An ISO 27001 gap analysis is the process organisations use to compare their current cyber security posture with the requirements set out in ISO 27001 certification. The analysis is used to determine whether a company is meeting those requirements and using its resources effectively. It helps organisations set out a clear roadmap to obtaining ISO 27001 certification and establish the time and resources required.
What Does the Gap Analysis Report Include?
The report sets out in detail what changes need to be made within the organisation to reach ISO 27001 certification. Here are just some of the aspects the report will cover:
- An overview of the state and maturity of your information security arrangements;
- A summary of the specific gaps between these arrangements and the requirements of ISO 27001;
- Options for the scope of an information security management system (ISMS), and how they help to meet your business and strategic objectives;
- An outline action plan and indications of the level of internal management effort required to implement an ISO 27001 ISMS; and
- A compliance status report (red/amber/green) against the management system clauses (clause-by-clause), as well as the information security controls (control-by-control) described in ISO 27001.
Our Process
The decision to undergo ISO 27001 certification must have full management support. The necessary changes will require time, but this is an investment towards compliance that will pay off in the long run through more efficient processes.
