Skip to Main Content
Strengthen your email security practices with 50% off e-learning | Shop now
ISO 27001 Gap Analysis

ISO 27001 Gap Analysis

SKU: 3756
Format: Consultancy
Availability: Always Available

A specialist, in-person review of your current information security posture against the requirements of ISO/IEC 27001:2013 or ISO/IEC 27001:2022.

Get the true picture of your ISO 27001 compliance gaps, and receive expert advice on how to scope your project and establish your project resource requirements.

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account.  Apply online today or call our service centre team on 00 800 48 484 484.

 COVID-19: remote delivery options

We would like to reassure our clients that all training and consultancy services will go ahead as scheduled during the current COVID-19 situation. As a company that fully embraces flexible and remote working, we are adjusting our delivery methods to allow us to provide consultancy services, penetration tests and training remotely where necessary. Please also refer to our COVID-19 policy.

For more information about this service or to get a tailored quote for your organisation, please enquire below and one of our experts will be in touch shortly.Enquire about this service

Our ISO27001 Gap Analysis will provide you with an informed assessment of:

  • Your compliance gaps against ISO 27001;
  • The proposed scope of your information security management system (ISMS);
  • Your internal resource requirements; and
  • The potential timeline to achieve certification readiness.

What to expect:

An ISO 27001 specialist will interview key managers and perform an analysis of your existing information security arrangements and documentation.

Following this, you will receive a gap analysis report collating the findings of these investigations. The report will detail areas of compliance and areas requiring improvement, and provide further recommendations for the proposed ISO 27001 compliance project.

The report includes:

  • The overall state and maturity of your information security arrangements;
  • The specific gaps between these arrangements and the requirements of ISO 27001;
  • Options for the scope of an ISMS, and how they help to meet your business and strategic objectives;
  • An outline action plan and indications of the level of internal management effort required to implement an ISO 27001 ISMS; and
  • A compliance status report (red/amber/green) against the management system clauses (clause-by-clause), as well as the information security controls (control-by-control) described in ISO 27001:2013 or ISO 27001:2022.

View a sample report document here >>>

Why get a customised, in-person gap analysis?

Questionnaire-based gap analyses don’t provide the level of expert analysis and insights you get from a specialist. With an in-person gap analysis, you will have a clear idea of the proposed scope of the ISMS, be able to set realistic project expectations, and obtain customised and detailed information necessary to develop a strong business case for implementing an ISO 27001-compliant ISMS.


The price quoted is applicable for organisations with up to 250 employees and one major site (location).

The fee excludes any additional expenses such as travel or accommodation, if necessary. The time required to complete the gap analysis often depends on the size and complexity of the organisation, but the final report will normally be delivered within ten working days of the initial site visit(s)/online assessment. If the exercise is likely to take longer than this because of organisational complexity, we will tell you at the outset.

"Deciphex evaluated a number of companies to assist us with ISO 27001 Implementation and Certification, ultimately choosing IT Governance Europe as the best provider. Their proposed solution to carry out an ISO 27001 Gap Analysis and Implementation project, provided us with the skilled expertise and guidance we needed for this journey.

Our consultant, Sharon O'Reilly brought a high-level of expertise and knowledge to this project, led us through the development of key management processes and provided critical input and feedback during the project. Thanks to the assistance of IT Governance Europe and their team we have passed our Stage 2 audit and have been recommended for Certification by our accredited Certification Body.

We would highly recommend IT Governance Europe to anyone who is looking for support with their ISO 27001 project, as their understanding and experience in this field is unrivalled."

- Shane Ryan, Chief Information Officer, Deciphex

Customer Reviews