Information and cyber security management

ISO 27001 Gap Analysis Services

Service

For organizations that control information systems and/or control and process personal data and other information, it is appropriate to implement and maintain an Information Security Management System (hereinafter: ISMS) that meets the requirements of the ISO/IEC 27001 standard, in order to ensure proper information and cyber security management and personal data protection.

An organization can get an independent GAP analysis of its existing information and cyber security management against the requirements of ISO 27001 at the beginning of the ISMS implementation, or before the ISMS certification audit.

The purpose of the GAP analysis is to assess the deficiencies of the organization’s ISMS against the requirements of the ISO 27001 standard: to determine what is missing in order to implement an ISMS in the organization (before ISMS implementation) and/or to make sure that the ISMS is fully implemented within the organization's scope and the organization is ready for ISMS certification (after ISMS implementation).

Progress

  • We collect and analyze information and cyber security management documentation
  • We determine and analyze the organizational structure of information and cyber security management
  • We prepare a list of ISMS documents to be created and corrected as well as the requirements for their content
  • We establish a matrix of functions and responsibilities of departments and employees responsible for ISMS support
  • We prepare a list of activities necessary to fully implement ISMS and prepare for certification
  • We identify ISMS deficiencies against the requirements of the ISO 27001 standard and prepare a plan for their elimination
  • We advise on eliminating ISMS deficiencies against the requirements of the ISO 27001 standard and during the ISMS certification process

Results

  • Information and cyber security management documents are analyzed. The current situation of existing information and cyber security and personal data protection management is scrutinized.
  • The organizational structure of information and cyber security management is analyzed. An analysis of the organizational structure of information and cyber security management has been performed, and the current situation is described.
  • A list of ISMS documents is created. A list of corrections to internal legal acts regulating information and cyber security, or a list of newly prepared legal acts, has been determined in order to implement an ISMS that fully meets the requirements of the Standard.
  • A matrix of functions and responsibilities of departments and employees responsible for ISMS support has been prepared, which is necessary to ensure ISMS support.
  • A list of activities necessary to implement the ISMS and prepare for certification has been prepared, according to which the organization could fully and independently implement the ISMS and prepare for certification.
  • Deficiencies of the ISMS against the requirements of the ISO 27001 standard have been identified and documented, and a plan for their elimination has been prepared.
  • Consultations were provided on eliminating ISMS deficiencies and during the ISMS certification process.

Benefits

  • Properly prepared for ISMS implementation
  • Deficiencies of the ISMS against the requirements of the ISO 27001 standard were identified and a plan for their elimination was prepared
  • ISMS deficiencies against the requirements of the ISO 27001 standard were eliminated
  • Prepared for ISMS certification and successfully audited ISMS

Contact person

Ernestas Lipnickas
Mobile: +370 (605) 44 444
Email: ernestas.lipnickas@adwisery.eu