ISO 27001 Gap Analysis is an internal-audit process often undertaken to evaluate an organizations conformity or non-conformity to the specific requirements of Clause 4 through 10 or to specific requirements of Annexure A of ISO/IEC 27001:2013 standard.
Our Gap Analysis report provides Executive Management with high level view of the gaps that exists within the company’s ISMS as compared to the specific requirements of the ISO/IEC 27001:2013 standard. It also provides management with timeline, budgets and project plan for remediation. The report also provides the information security department with details of requirements of ISO/IEC 27001:2013 viz-a-viz gaps in controls as is supported by evidence or lack thereof. The report is often used for building a remediation project plan and for building a business case for it.