GAP Analysis

The first step towards managed security

GAP analyses can be carried out as a stand-alone measure, but they are also the first process step in setting up an information security management system (ISMS).

This page presents the different options for conducting GAP analyses.

See also: Entry page Managed Security for the remaining process steps to build an ISMS.

Analyses for planning security measures

GAP analyses provide decision-making bases for planning your security processes. They are thus part of the planning phase in the PDCA cycle of the ISO standards. Every organisation has individual information security requirements, so the required scope and extent of measures can vary greatly.

A standard GAP analysis should be carried out in the first pass. It is suitable for every company because it covers generally applicable best practices and legal requirements, e.g. for corporate data protection. Later, depending on the requirements or the gaps found, further and more specific analyses can be carried out.

Approach

In one or more joint workshops we take a close look at your organisation. Using standardised questionnaires and checklists, employees are interviewed, existing processes and documents are reviewed, and missing technical and organisational measures are identified. The result is a list of security or compliance gaps, which we evaluate and prioritise in a later step.

GAP analyses can be carried out when setting up a security process, for the preparation of self-assessments for customers or as an internal audit in preparation for certification. No matter which variant you choose, I will be at your side with expert advice and high-quality document templates and will guide you through the process.

Intended audience, prerequisites and duration

GAP analyses for every need

The different GAP analyses with their respective assessment criteria and questionnaires are briefly presented below. If your desired catalogue or assessment is not listed, please contact me. The assessment standard for the GAP analyses can be adapted to any control model and can be customised to your operating environment.

Standard Information Security Assessment (ISA)

ISA according to VDA5 or TISAX®

Vulnerability scans and security tests for applications or IT infrastructure

Examples of company-specific questionnaires and test standards

Assessment and reporting

Image: Network diagram with example of a maturity assessment according to ISO27001:2013 Annex A

Your Benefits

Initial consultation free of charge and without obligation
Correct contractual coverage of services
Reproducible results through standardised methodologies and best practices
Professional implementation and reporting by an ISO27001 auditor
Manageable costs, through fixed prices for individual workshops and security tests
Proof of independent security analyses (e.g. for your ISMS according to ISO27001 or for self-assessments)

Further information

Would you like a non-binding initial meeting or a personal consultation?
A simple enquiry is all it takes!
Call me: 06423 963 410 or write to: info(at)vangestel.de