ISO 27001 Gap Analysis

Check the maturity level of your ISMS according to ISO 27001.

 

 

Your goal

 

You want professionals to cost-efficiently determine how far your company meets the requirements of ISO 27001 or how to get from the current status to certification.

Our service

 

Using our ISO 27001 gap analysis, we evaluate the "ISO 27001-readiness" in your company in a short time and provide clear recommendations for action.

The result

 

You know your current status information security, the steps required for an ISO 27001 maturitylevel, and the effort required to achieve that level.

ISO 27001 gap analysis: Kick-off for an ISMS

Apart from the fact that ISO 27001 does not give you any concrete instructions on what exactly you have to implement and how - it is also not a good assistance in the question of which steps should be implemented in which order.

The ISO 27001 gap analysis delivers in about 5 man-days what you need:

  • We provide you with clarity on the scope of ISO 27001, in other words, 'what needs to be protected'.
  • We assess your ISMS processes, policies and measures, in other words, the 'where are you today'.
  • We evaluate this information and as a result provide you with a roadmap to get from A (baseline) to Z (certification), including time and cost estimates.

Implement ISMS according to ISO 27001

The process in detail
1. Plan and review

Before we start with the ISO 27001 gap analysis, we define in an initial meeting the framework conditions in order to provide you with the best possible added value. Do you already have a scope of the ISMS to be established? What are your reasons for conducting the ISO 27001 gap analysis? What are your expectations?

Afterwards, we create an audit plan so that you can start coordinating the dates of the audit sessions, which are the interviews with the respective area managers.

Before conducting the interviews, we review your existing safety documents. These give us an initial indication of possible deficits.

2. Conduct interviews

Usually, we conduct the audit sessions or interviews on-site at your company. If desired, this can of course also take place remotely.

During the interviews with the department heads ( for example IT, purchasing, facility management, human resources, production, compliance, ...) we identify possible security weaknesses, as well as deviations from the requirements of ISO 27001. In parallel, we carry out technical samples. This enables us to assess whether relevant security aspects are actually integrated into business processes and whether your ISMS is 'lived'.

3. Deliver results

After we have conducted the audit sessions and examined your organization, we provide you with a detailed overview of your current implementation status or the maturity level of your ISMS according to ISO 27001. We document the identified action areas in a report. This gives you a pretty accurate idea of where the problem lies and what work is waiting for you.

You will receive additional 'start help' for the implementation of your ISMS from us in the form of an ISO 27001 roadmap. In it, we tell you which steps you should take in which order and how much time and resources you should plan for them.

4. Create awareness

Creating a certifiable ISMS requires the support of your organization's top management. Therefore, if desired, we are happy to conduct a management presentation at the end of the ISO 27001 gap analysis. In addition to the top findings, we will particularly address your ISO 27001 roadmap and sensitize your management to the following topics:

  • How should the implementation of an ISMS according to ISO 27001 usually be set up and which setup has proven itself in practice.
  • What framework conditions must be created for this.
  • What roles and tasks does the top management have within an ISMS so that the ISMS can also be effective and successful.
Do you want to know your ISO 27001 gap?

Let us get to know each other in a web meeting and let us determine whether your expectations harmonise with our services in the field of ISO 27001 gap analysis.

Yes, I would like to learn more!

Why ISO 27001 gap analyses with HvS?

 

Standard but still individual

Of course we have a structured approach, but not a 'stereotypical' one with predefined questionnaires or checklists, because every situation (business model, resource constitution, legal or contractual requirements, market situation, etc.) is different and also must be considered individually.

 

No 'pig in a poke'

Initially, you only commission us to carry out the gap analysis. In this way, you get to know our values and our approach better and can then decide whether we offer you the right support for setting up your ISMS. We will also be happy to provide you with some reference contacts.

 

Consulting and audit

We not only advise on ISO 27001, we also audit for the certification authority TÜV Nord CERT, so we know both sides very well. It is precisely these "two hearts in our breast" that enable us to take a pragmatic approach that nevertheless meets the requirements of a certification.

Other services that might interest you

ISMS according to ISO27001 Preview

Protect your sensitive business information according to best practices.

Read more
ISMS Policy Templates Preview

Individual ISMS & BCMS guidelines, ISO 27001 & NIS2-compliant - up-to-date, tested & tailored to your company. Discover the latest templates now!

Read more