
Gap analysis ISO 27001 on the basis of IT-Grundschutz

Introducing an information security management system (ISMS) based on IT-Grundschutz establishes measures that protect the confidentiality, integrity and availability of the information held by your company or public organisation. It follows the IT-Grundschutz methodology of the German Federal Office for Information Security (BSI).

Even if you do not currently operate an ISMS, we can support you with our gap analysis to identify the most important issues concerning your information security. Our gap analysis in accordance with BSI IT-Grundschutz offers you a comprehensive assessment of your information security practices. The aim is to identify possible gaps between the current security measures and the recommended standards. We proceed as follows:

Kick-off

  • Introductory meeting to define the objectives and expectations
  • Definition of the scope of application

Identification of the current status

  • Analysis of your existing IT security documentation and processes via interviews with responsible employees
  • Examination of security guidelines, procedures and documentation and comparison with BSI requirements
  • Determination of the maturity level of existing ISMS processes and the associated measures
  • If necessary, checking the implementation of technical security measures in systems and infrastructure
  • Assessment of the completeness and appropriateness of existing measures and processes

Reporting and recommendations for further steps

  • Detailed report on the conducted gap analysis
  • Prioritised recommendations for measures to close identified gaps
  • Approaches for optimising the ISMS or security process
  • Recommendations for training measures to increase information security competence

Feedback and final meeting

  • Presentation of the analysis results and recommendations
  • Clarification of open questions and discussion of possible next steps

Your benefits

  • Comprehensive assessment of the relevant processes and documents by experts with many years of experience
  • Knowledge of the maturity level of your ISMS processes and the associated measures
  • Low resource commitment
  • Final report on problem areas, open issues and recommendations for further action
  • Ideal basis for setting up an ISMS