ISO 27001 Gap Assessment
Understand clearly where there may be holes or gaps in your organisation’s security mechanism based on the ISO27001 standard.
ISO27001 Gap Assessment
The purpose of the ISO27001 gap assessment is to identify any areas where current security practices do not align with the ISO/IEC 27001 standard, and to provide recommendations for improving overall security posture. All organisations that deal with confidential information or maintain critical systems should uplift their information security policies. This includes small, medium, and large enterprises, government departments, non-profit organisations, and any other type of organisation.
The 3-phase approach can be customised to suit your timeframe and requirements; however, it will typically follow a 4-week timeframe with the following breakdown of tasks:
Engage & Discuss
A Holocron consultant will engage stakeholders in your organisation to understand the business, its infrastructure, and its information security needs. The consultant will then meet with those stakeholders to discuss any objectives, needs, and challenges the organisation may be facing.
The aim is to gather information and contact details for any key stakeholders, third-party companies, or platforms.
The consultant will conduct a thorough review of the organisation’s information security systems and practices, review documentation, observe processes, and test systems and controls.
In addition, the consultant will gather data and evidence to help evaluate the effectiveness of the organisation’s information security measures and conduct workshops with key stakeholders to understand the organisation’s information security.
Analyse & Assess
The consultant will then begin to compile a report detailing the findings of the gap assessment. This report will contain an itemised list of ISO27001 controls, what is required to meet each control, and how your organisation currently stands against each particular ISO27001 control item. An internal peer review will then follow, in which fellow senior consultants review the report to ensure the accuracy of its findings.
Presentation and Consultation
The consultant will then meet with key stakeholders in your organisation to discuss the gaps found and the recommendations in the report. The final report will be presented and will provide recommendations for improving the organisation’s information security systems and practices to align with ISO27001.
What is ISO27001?
ISO27001 is an international standard that outlines how to effectively manage information security. The standard was originally published jointly by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC) in 2005 and revised in 2013.
By achieving certification, your organisation demonstrates that a mature and comprehensive Information Security Management System (ISMS) is in place and actively managed. This can improve existing relationships with clients by showing that you value information security.