SPECIALISTS IN INFORMATION SECURITY MANAGEMENT SYSTEMS (ISO/IEC 27001)  

 

Gap analysis

You want to develop an ISO/IEC 27001 ISMS capability but you do not know how much work will be involved or how much of your organisation’s practices and technologies will have to change.

 

Your response - ask Gamma to perform a gap analysis

Gamma will perform a gap analysis for you.

We start by working with you to understand your intended scope and what you see as the issues, risks and opportunities relevant to information security and indeed the operation of the ISMS.

We will then determine and review your existing management practices against the requirements of the standard to identify both conformance and shortfalls. It is possible that if there are shortfalls, a range of options may exist as to how they might be remedied. We will discuss these with you so that in our report we can focus on those which are most likely to work within your organisation and style of management.

We will also determine your existing information security controls and review them against the controls given in Annex A to the standard. The controls in Annex A are not mandatory and therefore an omission does not necessarily indicate a gap. However, the work provides a head start in meeting the requirement to produce a Statement of Applicability and will indicate to us any exposure to information security risk not countered by your existing controls.

At the conclusion of our work we will provide you with a report, detailing work done, identifying conformance, gaps and risks, and making recommendations on how you may proceed.

Your next move

... simply email us, or telephone +44(0)1276 702 505. Why not do it now!