Firmus can assist organizations seeking to establish an Information Security Management System in accordance with ISO/IEC 27001:2013.
Our consultants have in-depth knowledge and experience of the standard and the auditing process. We are able to help develop and build security programs in alignment with the 27001 standard.
By leveraging knowledge of both standards as well as successful real-world implementations, we are able to help you build a practical and workable ISMS while pursuing 27001 certification.
ISO 27001 GAP Analysis
FIRMUS consultants can conduct an ISO 27001 Gap Analysis to systematically measure the current state of an organisation’s security processes and procedures against the ISO 27001 stated control objectives.
Our consultants tend to approach the GAP analysis by:
- Assisting our clients to define and understand the scope, risks, management commitment and business drivers for implementing ISO 27001.
- Reviewing the existing security documentation to understand the current state of established security policies and procedures.
- Interviewing relevant employees to gauge the security policies and procedures currently being followed.
A report with our findings and recommendations will be provided to you at the end of the engagement. The document will also set out the work that your organization will need to do before it is ready to apply for ISO 27001 certification.
Preparation of a report listing the findings and recommendations, complete with a list of prioritized key recommendations. The report also details the work that your company will need to undertake before putting itself forward for accreditation. It will point out priority areas and provide a compliance ‘heat map’ to help you with the next stage of planning.