The complete guide to ISO 27001 Gap Analysis

Home / ISO 27001 / The complete guide to ISO 27001 Gap Analysis

ISO 27001 Gap Analysis

An ISO 27001 Gap Analysis assesses your compliance to ISO 27001, the international standard for information security.

ISO 27001 is a management system that is comprised of 114 management controls.

In addition it includes Annex A controls which are often referred to as ISO 27002. Annex A is made up of 114 business controls.

You can see the difference between ISO 27001 and ISO 27002.

The number of controls changed in 2022.

What is an ISO 27001 Gap Analysis?

To know where you are going it makes sense to know where you are. A gap analysis is a review of how close you are to meeting the standard, the gaps and what you must do to close those gaps.

ISO 27001 Gap Analysis Template

Toolkit Icons ISO 27001 Gap Analysis and Audit Toolkit Black

The ISO 27001 Gap Analysis Template and ISO 27001 Checklist will fast track your ISO 27001 Gap Analysis.

How to perform an ISO 27001 Gap Analysis

For each of the ISO 27001 controls, read the clause and analyse if that is requirements is already implemented in your organisation. The implementation will be on a sliding scale from does not exist to fully implemented. You can either do it yourself with an ISO 27001 Gap Analysis template or tool, or you can get specialist consulting help.

Time needed: 1 day

How to perform an ISO 27001 Gap Analysis

  1. Get a copy of the ISO 27001 standard

    Purchase a copy of the ISO 27001 standard from a reputable source

  2. Download a copy of the ISO 27001 gap analysis tool

    Download a copy of the ISO 27001 gap analysis tool.

  3. Asses your business against the controls

    For each control assess if, and to what extent, your business has implemented the controls

  4. Draw up a plan to close the gaps

    Where your business has not implemented, or only partially implemented, the required controls you should draw up an implementation plan to close the gaps.

  5. Consider specialist help

    Getting a specialist to help you perform the gap analysis brings experience and guidance on what to do next. Consider getting consulting help: https://hightable.io/consulting/

ISO 27001 Gap Analysis FAQ

How long does an ISO 27001 gap analysis take?

On average an ISO 27001 gap analysis with a consulting firm will take 5 to 10 days. It actually only takes 2 days for someone that knows what they are doing and how to do it. If you are doing it yourself it can take up to a month.

How much does an ISO 27001 gap analysis cost?

On average an ISO 27001 gap analysis with a consulting firm will cost around £8,000. With High Table it costs £2,500.

Where can I download an ISO 27001 gap analysis template?

You can download an ISO 27001 gap analysis template.

What is an ISO 27001 Gap Analysis Checklist?

It is a list of the required controls that you complete to assess how and if you have implemented the required controls. It includes what you need to do to close the gaps.

What are the benefits of an ISO 27001 Gap Analysis?

The benefits of an ISO 27001 Gap Analysis are that it allows you to see how close you are currently to meeting the standard and how much work you must do to close any gaps. It will then allow you to plan the controls implementation and plan and schedule your certification audit. There is no point in booking the ISO 27001 certification audit if you have not implemented the required controls to the required level.

Does an IS27001 Gap Analysis cover GDPR?

No, not directly. It does cover principle 6 maintain adequate security but GDPR and Data Protection are much wider than information security.

Stuart - High Table - ISO27001 Ninja - 3
ISO 27001 Toolkit Business Edition

Do It Yourself ISO27001 with the Ultimate ISO27001 Toolkit

Stop Spanking £10,000s on Consultants and ISMS Online Tools.

March Deal – Life Time Access – Save 50%