Services for your organisation

Gap analysis

First understand your organisation’s current position

Before you start setting up a management system, you’ll want to understand the current state of your organisation. This often gives you a clear idea of how much work is still needed before you are compliant. A baseline measurement or Gap analysis can help with this. A Gap analysis provides insight into where you currently stand in relation to the requirements set out in the standard or controls framework. A Gap analysis can be carried out for virtually any standard or controls framework.

Employees may sometimes find a Gap analysis daunting, but that’s not necessary. By first putting employees at ease, we gain better and more valuable insights. Our approach to a Gap analysis helps clients start a project with confidence. By outlining a clear picture during the Gap analysis and then delivering concrete actions, the organisation gains clear insight into where improvements can be made.

Jasper Witteveen

Jr. Consultant

Protify can support your organisation in performing a gap analysis for ISO 27001, ISO 27701, ISO 22301, EN 50518 and a controls framework.

How does a Gap analysis work?

During the analysis, we hold discussions with key stakeholders and review existing documentation. The Gap analysis itself is carried out within one working day. Topics covered include:

What is the structure of the documented information within the management system?

In what way has the organisation made clear what it does and which stakeholders are involved? How, for example, is compliance with applicable laws and regulations embedded in the organisation’s operations?

How are activities carried out within the organisation, which processes are required for this, and are these covered by the management system or the controls framework?

What policies have been established regarding employees and suppliers? Who and what is required to carry out the core process: the service delivery?

Which hardware, software, network and facilities are used within your organisation?

If software is developed within your organisation, how is this done?

Have all company assets been identified, and what risks are they exposed to?

How do you measure the effectiveness of your management system? How is the PDCA cycle ensured? And how is this assurance made demonstrable?

After the Gap analysis

No later than two weeks after the Gap analysis is conducted, you will receive the report and can start, independently or with guidance, developing your ISMS, PIMS, BCMS or controls framework.

The report includes all our findings. It outlines any ‘gaps’ or shortcomings in relation to the requirements of the standard or controls framework. In addition to identifying these findings, we also advise on the actions needed to meet the standard or controls framework requirements. We will review the report in a personal session and provide a detailed explanation.

Want to know how your organisation is doing?

Would you also like insight into your organisation’s current state and benefit from our support?
Then get in touch with us!

Why choose a gap analysis

A Gap analysis clearly shows where your organisation currently stands in terms of security: which measures are well established and where weaknesses or shortcomings lie.

The process of a Gap analysis raises awareness of security and increases engagement among employees and management, which is crucial for a strong security culture.

If you are aiming for ISO 27001 certification, for example, a Gap analysis helps you determine what still needs to be done to meet the standard. This makes the audit process much smoother.

With the results of the Gap analysis, you can create a concrete action plan tailored to your organisation, allowing you to improve your security in a focused and efficient way without incurring unnecessary costs.

You can read more about the Gap analysis for ISO 27001 compliance in our blog article about the Gap analysis for ISO 27001.

Welcome to Protify.