Gap analysis

INFODAS GmbH offers consulting services for the implementation of an ISMS (information security management system) according to ISO 27001, as well as according to ISO 27001 based on BSI IT-Grundschutz. Such an ISMS may be subject to ISO 27001 certification later in the project. A company that wishes to be certified according to one of the two variants of the standard must therefore have implemented, and be operating, a complete ISMS.
ISO 27001 is the international standard for information security, while BSI IT-Grundschutz is the nationally oriented counterpart published by the German Federal Office for Information Security (BSI).

Estimating the cost of implementing an ISMS is often difficult because the complexity varies widely. A gap analysis (target/actual comparison) is a suitable instrument for assessing such a project in a sustainable and robust manner. In this analysis, the requirements for an ISMS, which may consist of security policies, procedures and practices, are compared with their current degree of implementation in the company, and the gaps relative to the requirements of the respective standard are identified. Regardless of the chosen standard, INFODAS GmbH fully supports companies and public authorities during this gap analysis and in the resulting derivation of the effort for an ISMS implementation project, as well as of the tasks, work packages or projects necessary to close the identified gaps.

In addition, this service product is variable and flexible. It is thus possible to integrate company-specific regulations or other standards and norms as check points (e.g. the IT Security Act, IT security catalogues, federal and state data protection laws, or emergency management according to BSI Standard 100-4 or ISO 22301).

A gap analysis is always carried out by at least two project-experienced and correspondingly certified IT security consultants of INFODAS GmbH. Depending on the customer's requirements, the project team is assembled on a project-specific basis.

  • The gap analysis includes a resource-efficient measurement of the degree of conformity with the requirements of the ISO 27001 standard;
  • the identification of the gaps between the requirements of the standard and the existing implementation, which are documented in a detailed report and, on request, presented on site;
  • a concrete and pragmatic planning basis for an ISMS implementation project.