Gap-analysis in accordance with ISO 27001

With the implementation of an information security management system (ISMS) in accordance with ISO 27001, processes are established to protect information with regard to its confidentiality, integrity and availability. However, before starting an ISMS project, it is important to analyse whether and to what extent processes and associated measures have already been established.

Therefore, a preliminary gap analysis (also known as an ISMS inventory) should be undertaken by an independent organisation. TÜV TRUST IT has developed a standardised procedure for this purpose, which makes it possible to identify deviations between the TARGET and ACTUAL (the “gap”) and identify potential for optimisation.