
ISO 31000 Gap Analysis


Why get a customized, in-person ISO 31000 gap analysis

Questionnaire-based gap analyses don’t provide the level of expert analysis and insight you get from a specialist. With an in-person gap analysis, you will have a clear idea of the proposed scope of the ISO 31000 management system, be able to set realistic project expectations, and obtain the customized and detailed information necessary to develop a strong business case for implementing an ISO 31000-compliant management system.

Organizations use an ISO 31000 Gap Analysis to:

  • Implement an ISO 31000 Standard-based management system and identify the baseline against which to measure progress.

  • Earn an ISO 31000 management system certification in the near future, after having implemented the ISO management system.

  • Defeat the complacency that has set in over a period of time.

  • Identify and plug the gaps well before the client visit or customer audit.

  • Add a new site to the organization's existing scope of business.

  • Add a new product or service to the existing scope of business.

  • Ramp up the workforce.

  • Carry out process re-engineering.

  • Restructure the organization.

  • Identify global best practices in the ISO 31000 management system.

  • Know what makes an ISO 31000 management system work for 360-degree improvement in the organization's processes.

  • Conduct capability and maturity appraisals of suppliers' ISO 31000 systems from time to time.


ISO 31000 Gap Analysis Features

  • Your management system scope covers the product lines, ISO 31000 Standard clauses, and facilities that you are planning on registering. You do not have to register every product line. To define the scope within the Gap Analysis, we look at which processes need to be included and described within the organization. The output is a draft process map. Next, we examine each clause of the ISO 31000 Standard. There are hundreds of requirements, which we count to see which ones apply and how the organization may be conforming. These requirements include mandatory records, required procedures, a manual, and many process needs that must be fulfilled, but there is a lot of leeway in how you might fulfill them.

  • For example, collecting customer feedback on “deviations from needs & expectations” is a required process, and measuring it is a requirement, but how you do this is totally up to you. You do not have to write a procedure for this or keep a record of measurements. As odd as this sounds, you have to free your mind of paper solutions and think of visual or electronic methods that could accomplish this.

  • The output of the ISO 31000 Standard's “requirements” count is a histogram that shows you how your organization stacks up, clause by clause, and a list of possible exclusions of areas within clauses that may not apply. Each exclusion claimed will require a proper justification within the Documented Framework. In the Gap Analysis, we should be able to give you an idea of possible exclusions.


Dedicated Specialists for ISO 31000 Gap Analysis

A specialist, in-person review of your current information security posture against the requirements of ISO 31000.

Get the true picture of your ISO 31000 compliance gap, and receive expert advice on how to scope your project and establish your project resource requirements.

ISO 31000 Gap Analysis Brief Description

Our ISO 31000 Gap Analysis will provide you with an informed assessment of:

  • Your compliance gaps against ISO 31000;

  • The proposed scope of your ISO 31000 management system;

  • Your internal resource requirements; and

  • The potential timeline to achieve certification readiness.


What to expect from ISO 31000 Gap Analysis:

An ISO 31000 specialist will interview key managers and perform an analysis of your existing information security arrangements and documentation.

Following this, you will receive a gap analysis report collating the findings of these investigations. The report will detail areas of compliance and areas requiring improvement, and provide further recommendations for the proposed ISO 31000 compliance project.

The ISO 31000 Gap Analysis report includes:

  • The overall state and maturity of your information security arrangements;

  • The specific gaps between these arrangements and the requirements of ISO 31000;

  • Options for the scope of an ISO 31000 management system, and how they help to meet your business and strategic objectives;

  • An outline action plan and indications of the level of internal management effort required to implement an ISO 31000 management system; and

  • A compliance status report (red/amber/green), clause by clause, against the management system clauses described in ISO 31000.