About
An ISO 27001 gap analysis or internal audit checks a client’s compliance with the requirements of the ISO 27001 standard for an organisational information security management system (ISMS). A gap analysis is usually completed when an organisation prepares for ISO 27001 certification. An internal audit usually occurs regularly while an organisation is ISO 27001 certified, and is a mandatory requirement of this standard.
How we can help
Pākiki can provide a consultant that can work with you on:
- Evaluating your organisation’s compliance with ISO 27001 clauses 4-10.
- Reviewing current security policies, processes and other relevant ISMS documentation.
- Reviewing consistency of the Statement of Applicability (SOA).
- Evaluating whether controls are effectively implemented in alignment with the SOA.
- Reviewing existing processes to monitor, evaluate and improve the ISMS.
- Identifying deficiencies and non-conformities, as well as roadmaps for their mitigation and treatment.
Methodology
The particular methodology will vary depending on the client's needs, but broadly speaking it is:
- Information Gathering: Understand your current level of compliance with the ISO 27001 Standard.
- Review Gaps: Understand where there are current gaps in your compliance with the ISO 27001 Standard.
- Provide advice: Take the output of the above checks, and use our understanding of your business and the requirements of the ISO 27001 Standard to provide practical, tailored advice on how to improve your compliance, get ready for certification or to successfully maintain your current certificate.
Get in touch
We’d love to hear more about your organisation, and to discuss how we can help.