ISO-27001 Compliance Gap Analysis

The process of identifying what your business must do to be compliant with ISO-27001

What is it?

An ISO-27001 Compliance Gap Analysis is the process of identifying what your business is currently doing to protect its information assets and comparing that to what it must do to be compliant with the ISO-27001 Information Security Management System (ISMS) standard. The analysis compares your existing security controls against those established in the ISO-27001 standard to identify the “gap” and begin to fill it.

Why should I do it?

To help you focus. Conducting a gap analysis results in a list of specific, prioritised actions your business needs to implement in order to become compliant with the applicable framework. This takes the guesswork out of things and helps your business focus on making real (cost-effective) compliance progress.

The output from a gap analysis is critical for compliance project management and creating timelines, budgets and resources. In essence, it creates your “roadmap” to compliance.

How often should I do it?

You only need to do a gap analysis once to obtain a list of the specific activities required for compliance.

What will Risk Factory do?

  • Conduct an on-site analysis of your current operations and controls against those required for compliance to the ISO 27001 ISMS standard.
  • Interview your business's key compliance stakeholders and confirm the evidence produced by your operations and controls against that required by ISO 27001.
  • Conduct a Security Vulnerability Assessment of the exterior-facing IP addresses associated with your network.
  • Analyse the findings and produce a detailed report identifying the existing gap between your operations and controls and those required for compliance to ISO 27001.
  • Produce a prioritised list of activities for your business to undertake to obtain compliance.

What will I receive?

  • Comprehensive gap analysis against ISO 27001 and report of findings indicating your existing compliance status. To see a sample report, contact the Risk Factory Foreman.
  • A draft project management plan detailing the specific actions required for compliance in order of significance and with data fields allotted to budget, resource and completion dates to help you manage your compliance program efforts.
  • Two weeks of on-call (telephonic) support from an information security compliance consultant to answer any questions you may have regarding your roadmap to compliance.

Do I need to do anything in advance?

You will need to speak with the Factory Foreman to schedule the on-site work and identify the business's key compliance stakeholders (managing director or operations director, finance director, human resource manager, IT director and information security or compliance manager) to be interviewed.
