In this evaluation, which we call “gap analysis”, the difference between the current situation of the organization receiving consultancy service for the ISO 27001 Information Security Management System and its target situation is revealed in detail. Of course, I describe it this way because the headline is ISO 27001 Gap Analysis; however, gap analysis can be carried out for most systems, too.

With the ISO 27001 Gap Analysis, I try to show diagrammatically how far you are from the Information Security Management System standard. Based on the results of this analysis, I estimate how many days the whole process will require, taking into consideration what actions will be taken, what will be done, when and by whom they will be applied, and even the assignment of lead time.

What is Gap Analysis?

I can almost hear you asking this question already. As someone who maintains that visual education is much more successful than traditional methods, I will try to explain this process using some pictures.

While carrying out the gap analysis, I first evaluate to what extent the conditions of clauses 4 through 10 (the main clauses of the standard) are met.

Then, the legitimacy of the 114 control clauses in Appendix-A of the standard is checked. For an example related to this

After this evaluation, we provide detailed reports to the company. They include graphs that show to what extent your current situation meets each clause of the standard.

From the results of this graphic presentation, in this ISO 27001 Information Security Management System Gap Analysis we can also see to what percentage the departments in the company comply with the standard.

