What is an ISO 27001 Gap Assessment?
An ISO 27001 Gap Assessment is considered a form of internal audit and is performed to measure an organization's conformance or non-conformance to the ISO 27001 Clause 4-10 auditable requirements for an Information Security Management System (ISMS).
SecuraStar’s ISO 27001 Gap Assessment
Our Gap Assessment is a specialized product and service that was designed to provide an easy-to-read Executive Management summary with a high-level overview, business case and project plan for remediation. It also provides the information security department with a detailed low-level overview of ISO 27001 requirements versus evidence of conformity. The deliverables are used to identify gaps, establish a project plan and create a business case for the executive management team.
Regardless of the Gap Assessment findings, most organizations need to review each and every ISO 27001 Clause 4-10 auditable requirement for documentation (Stage 1 documentation). Why? Because the ISO 27001 documentation is a cohesive set of related documents that connect to each other in chronological order to tell the story of an organization's management system in a continuous improvement cycle.
ISO 27001 Gap Assessment deliverables:
- ISO 27001 Scope Determination (1st Step) – Context of the Organization
- Clause 4-10 Assessment
- Annex A Control Maturity Assessment
- Executive Summary Report
- ISO 27001 Framework Diagram with Gaps
- ISO 27001 Project Plan