ISO 27001 Gap Analysis

If you are looking to start the journey towards ISO 27001 accreditation and seek independent certification of your Information Security Management System, Plan-Net can help. We work with organisations across the UK to assess their readiness, determine areas of weakness and recommend improvements to assist with accreditation ambitions.

Plan-Net's ISO 27001 Gap Analysis measures security processes and procedures against a number of control objectives and controls, including:
- Security policy management
- Corporate security management
- Organisational asset management
- Human resources security management
- Physical and environmental security management
- Communications and operations management
- Information access control management
- Information systems security management
- Information security incident management
- Business continuity management
- Compliance management

What the analysis entails:
Defining the business requirement for security to understand the scope, risks, management commitment and business drivers for implementing ISO 27001.

Conducting a high-level review of existing security documentation to discover current policy and procedures and establish the accuracy and completion status of the documentation.

Interviews with key staff to understand the actual security practices in place.

Comparing the findings of the above exercises with the control requirements of ISO 27001/ISO 27002 - the 'Gap Analysis'.

Preparation of a report listing the findings and recommendations, complete with a list of prioritised key recommendations. The report also details the work that your company will need to undertake before putting itself forward for accreditation. It will point out priority areas and provide a compliance 'heat map' to help you with the next stage of planning.

Getting Accredited
To start your journey towards ISO 27001 accreditation, call the team on 020 7353 4313.