ISO 27001 GAP ANALYSIS
If you are looking to start the journey towards ISO 27001 certification and seek independent verification of your Information Security Management System, Plan-Net can help. We work with organisations across the UK to assess their readiness, determine areas of weakness and recommend improvements to assist with accreditation ambitions.
Plan-Net's ISO 27001 Gap Analysis measures security processes and procedures against a number of control objectives and controls including the management of the following:
- Security policy
- Corporate security
- Organisational asset
- Human resources security
- Physical and environmental security
- Communications and operations
- Information access control
- Information systems security
- Information security incident
- Business continuity
As part of the analysis, we tend to engage with clients in the following way:
- Defining the business requirement for security to understand the scope, risks, management commitment and business drivers for implementing ISO 27001.
- Conducting a high-level review of existing security documentation to discover current policy and procedures and establish the accuracy and completion status of the documentation.
- Interviews with key staff to understand the actual security practices in place.
- Comparing the findings of the above exercises with the control requirements of ISO 27001/ISO 27002 - the 'Gap Analysis'.
- Preparation of a report listing the findings and recommendations complete with a list of prioritised key recommendations. The report also details the work that your company will need to undertake before putting itself forward for accreditation. It will point out priority areas and provide a compliance 'heat map' to help you with the next stage of planning.