
ISO 28000 Gap Analysis


Why get a customized, in-person ISO 28000 gap analysis

Questionnaire-based gap analyses don’t provide the level of expert analysis and insight you get from a specialist. With an in-person gap analysis, you will have a clear idea of the proposed scope of the ISO 28000 management system, be able to set realistic project expectations, and obtain the customized and detailed information necessary to develop a strong business case for implementing an ISO 28000-compliant Management System.

Organizations undertake an ISO 28000 Gap Analysis to:

  • Implement an ISO 28000 Standard-based management system and identify the baseline against which to measure progress.

  • Earn an ISO 28000 management system certification in the near future after having implemented the ISO management system.

  • Defeat the complacency that has set in over a period of time.

  • Identify and plug the gaps well before a client visit or customer audit.

  • Add a new site to the organization's existing scope of business.

  • Add a new product or service to the existing scope of business.

  • Ramp up the workforce.

  • Carry out process re-engineering.

  • Restructure the organization.

  • Identify global best practices in the ISO 28000 management system.

  • Know what makes the ISO 28000 management system work for 360-degree improvement in the organization's processes.

  • Conduct capability and maturity appraisals of suppliers' ISO 28000 systems from time to time.


ISO 28000 Gap Analysis Features

  • Your management system scope covers the product lines, ISO 28000 Standard clauses, and facilities that you plan to register. You do not have to register every product line. To define the scope within the Gap Analysis, we look at which processes need to be included and described within the organization. The output is a draft process map. Next, we examine each clause of the ISO 28000 Standard. There are hundreds of requirements, which we count to see which ones apply and how the organization may be conforming. These requirements include mandatory records, required procedures, a manual, and many process needs that must be fulfilled, but there is a lot of leeway in how you fulfill them.

  • For example, collecting customer feedback on “deviations from needs & expectations” is a required process, and measuring it is a requirement, but how you do this is totally up to you. You do not have to write a procedure for this or keep a record of measurements. As odd as this sounds, you have to free your mind of paper solutions and think of visual or electronic methods that could accomplish this.

  • The output of the ISO 28000 Standard's “requirements” count is a histogram that shows how your organization stacks up, clause by clause, and a list of possible exclusions of areas within clauses that may not apply. Each exclusion claimed requires a proper justification within the Documented Framework. In the Gap Analysis we should be able to give you an idea of the possible exclusions.


Dedicated Specialists for ISO 28000 Gap Analysis

A specialist, in-person review of your current information security posture against the requirements of ISO 28000.

Get the true picture of your ISO 28000 compliance gap, and receive expert advice on how to scope your project and establish your project resource requirements.

ISO 28000 Gap Analysis Brief Description

Our ISO 28000 Gap Analysis will provide you with an informed assessment of:

  • Your compliance gaps against ISO 28000;

  • The proposed scope of your ISO 28000 management system;

  • Your internal resource requirements; and

  • The potential timeline to achieve certification readiness.


What to expect from ISO 28000 Gap Analysis:

An ISO 28000 specialist will interview key managers and perform an analysis of your existing information security arrangements and documentation.

Following this, you will receive a gap analysis report collating the findings of these investigations. The report will detail areas of compliance and areas requiring improvement, and provide further recommendations for the proposed ISO 28000 compliance project.

The ISO 28000 Gap Analysis report includes:

  • The overall state and maturity of your information security arrangements;

  • The specific gaps between these arrangements and the requirements of ISO 28000;

  • Options for the scope of an ISO 28000 management system, and how they help to meet your business and strategic objectives;

  • An outline action plan and indications of the level of internal management effort required to implement an ISO 28000 management system; and

  • A compliance status report (red/amber/green) against the management system clauses (clause-by-clause), as well as the information security controls (control-by-control) described in ISO 28000.