ISO 27001 gap analysis on the basis of IT-Grundschutz
The introduction of an information security management system (ISMS) based on IT-Grundschutz establishes measures that protect the information of your company or public organisation in terms of confidentiality, integrity and availability. Here, the methodology of the IT-Grundschutz of the German Federal Office for Information Security (BSI) is used.
Even if you do not currently operate an ISMS, we can support you with our gap analysis to identify the most important issues concerning your information security. Our gap analysis in accordance with BSI IT-Grundschutz offers you a comprehensive assessment of your information security practices. The aim is to identify possible gaps between the current security measures and the recommended standards. We proceed as follows:
Kick-off
- Introductory meeting to define the objectives and expectations
- Definition of the scope of application
Identification of the current status
- Analysis of your existing IT security documentation and processes via interviews with responsible employees
- Examination of security guidelines, procedures and documentation and comparison with BSI requirements
- Determination of the maturity level of existing ISMS processes and the associated measures
- If necessary, checking the implementation of technical security measures in systems and infrastructure
- Assessment of the completeness and appropriateness of existing measures and processes
Reporting and recommendations for further steps
- Detailed report on the conducted gap analysis
- Prioritised recommendations for measures to close identified gaps
- Approaches for optimising the ISMS or security process
- Recommendations for training measures to increase information security competence
Feedback and final meeting
- Presentation of the analysis results and recommendations
- Clarification of open questions and discussion of possible next steps