Information Security Policies
Information Security Awareness Training
Speak to the Risk Factory Foreman, and he'll tell you everything you need to know.
Call us on 0800 978 8139
An ISO-27001 Compliance Gap Analysis is the process of identifying what your business is currently doing to protect its information assets and comparing that to what it must do to be compliant to the ISO-27001 Information Security Management System (ISMS) standard. The analysis compares your existing security controls against those established in the ISO-27001 standard to identify the “gap” and begin to fill it.
To help you focus. Because conducting a gap analysis results in a list of specific, prioritised actions your business needs to implement in order to become complaint to the applicable framework. This takes the guess work out of things and helps your business focus on making real (cost-effective) compliance progress.
The output from a gap analysis is critical for compliance project management and creating timelines, budgets and resources. In essence, it creates your “roadmap” to compliance.
You only need to do a gap analysis once to obtain a list of the specific activities required for compliance.
You will need to speak with the Factory Foreman to schedule the onsite work and identify the businesses key compliance stakeholders (managing director or operations director, finance director, human resource manager, IT director and information security or compliance manager) to be interviewed.