ISO 27001 Gap Analysis
Check the maturity level of your ISMS according to ISO 27001.
ISO 27001 gap analysis: Kick-off for an ISMS
ISO 27001 does not give you concrete instructions on what exactly you have to implement and how, and it is equally little help with the question of which steps should be implemented in which order.
The ISO 27001 gap analysis delivers in about 5 man-days what you need:
- We provide you with clarity on the scope of ISO 27001, in other words, 'what needs to be protected'.
- We assess your ISMS processes, policies and measures, in other words, the 'where are you today'.
- We evaluate this information and as a result provide you with a roadmap to get from A (baseline) to Z (certification), including time and cost estimates.
The process in detail
Plan and review
Before the ISO 27001 gap analysis starts, we define the framework conditions in an initial meeting so that the analysis delivers the greatest possible value for you. Do you already have a scope for the ISMS to be established? What are your reasons for conducting the ISO 27001 gap analysis? What are your expectations?
Afterwards, we create an audit plan so that you can start coordinating the dates of the audit sessions, which are the interviews with the respective area managers.
Before conducting the interviews, we review your existing security documents (policies, procedures, asset inventories and similar). These give us an initial indication of possible deficits.
Conduct interviews
Usually, we conduct the audit sessions or interviews on-site at your company. If desired, this can of course also take place remotely.
During the interviews with the department heads (for example IT, purchasing, facility management, human resources, production, compliance, ...) we identify possible security weaknesses as well as deviations from the requirements of ISO 27001. In parallel, we carry out technical spot checks. This enables us to assess whether relevant security aspects are actually integrated into business processes and whether your ISMS is 'lived' rather than existing only on paper.
Deliver results
After we have conducted the audit sessions and examined your organization, we provide you with a detailed overview of your current implementation status, in other words, the maturity level of your ISMS according to ISO 27001. We document the identified action areas in a report. This gives you a clear picture of where the gaps lie and what work is waiting for you.
You will receive additional 'start help' for the implementation of your ISMS from us in the form of an ISO 27001 roadmap. In it, we tell you which steps you should take in which order and how much time and resources you should plan for them.
Create awareness
Creating a certifiable ISMS requires the support of your organization's top management. Therefore, if desired, we are happy to conduct a management presentation at the end of the ISO 27001 gap analysis. In addition to the top findings, we will particularly address your ISO 27001 roadmap and sensitize your management to the following topics:
- How an ISMS implementation according to ISO 27001 is usually set up, and which setup has proven itself in practice.
- What framework conditions must be created for it.
- What roles and tasks top management has within an ISMS so that the ISMS can be effective and successful.