ISO 27001 Gap Analysis is an internal auditing procedure. Often, the process is undertaken to evaluate conformity or non-conformity with certain requirements of Clauses 4 through 10 or with certain requirements of Annexure A of the ISO/IEC 27001:2013 standard.
Our Gap Analysis report gives a high-level view of the gaps that are present within the organization’s ISMS as compared to the specific requirements of the ISO/IEC 27001:2013 standard.
The report provides Executive Management with a timeline, budgets and the project plan for remediation. It also gives the information security team the necessary details about the requirements of ISO/IEC 27001:2013 vis-à-vis gaps in controls, as supported by evidence or the lack thereof.
The report is often used for building a remediation project plan along with a business case for it.