ISO 27001/2 Gap Analysis
Leverage the competitive advantage offered by adopting the global standard for information security at your organisation.
The complexity of ISO 27001 means it often takes an independent eye to fully understand an organisation’s relationship with the standard. Engage Commissum for your ISO 27001/2 Gap Analysis and you receive the sort of insight that can only come from external expertise in the standard.
An ISO 27001/2 Gap Analysis with Commissum provides you with:
- Improvements in security based on industry best practices
- Achievement and shortfall in ISO 27001 / 2 control areas relevant to your business
- A plan of activities to help you achieve ISO 27001 compliance
- Expert comment on formal ISO 27001 certification
This will enable you to make decisions in line with industry best practice for improving information security at your organisation.
If you decide to seek out formal certification to ISO 27001, the Gap Analysis identifies areas for remediation, for which Commissum can provide a roadmap to compliance.
Our Approach
The Gap Analysis is an audit focused on identifying the appropriate implementation of ISO 27001 and outlining the improvements required to achieve it.
Our approach covers:
- A review of information security policy, and advice on agreed scope of the ISMS (Information Security Management System)
- A risk assessment workshop
- Collaboration to agree control objectives, producing a Statement of Applicability
- Review of controls via interview, observation and inspection
- An Information Security Management status report and findings workshop, at which the gap analysis is agreed
- A final report with recommendations for improvement and options towards implementation of ISO 27001
ISO 27001 Transition Management
Commissum can manage the process of transitioning to ISO 27001, preventing internal staff from being tied up interpreting and implementing the standard and thereby minimising the impact on your business.
Establishing an appropriate ISMS (Information Security Management System), as required to reach ISO 27001, can be daunting. With our assistance, that needn’t be the case.
By implementing ISO 27001 at your organisation, your confidential information is secured through proven controls, giving you a competitive advantage as the standard increasingly becomes a prerequisite for conducting business. We’ll provide you with:
- Recommendations on business areas, systems and processes requiring security improvements based on industry best practice
- Statement of achievement and shortfall in ISO 27001 control areas relevant to the business
- Roadmap and plan of activities for ISO 27001 compliance
- Expert comment and advice on seeking formal ISO 27001 certification
- Ongoing support to establish a formalised ISMS (Information Security Management System)
- Mentoring and guidance to empower your staff to establish an effective security culture
Our cross-industry experience and collaborative approach enable Commissum to assist your organisation in establishing an Information Security Management Framework appropriate to your business needs.
Our approach includes:
- A review of the business drivers and risk posture of the organisation
- Collaboration to agree on the scope of the Information Security Management System (ISMS)
- Identification of business-critical assets & risk assessment against these
- ISO 27001 Gap Analysis to review controls
- Information Security Management status report & findings workshop
- Establishing a roadmap and risk treatment plan including identification of appropriate control objectives
- Definition of Statement of Applicability
- Support throughout the process of implementing a programme of improvement to establish a formal ISO 27000-based ISMS