Gap Assessments – isec

Service Overview

Identifying gaps between existing controls and what is required for your organization in accordance with contracts, international standards, industry specific regulations or local applicable laws can be a difficult task. Gap assessments help organizations determine the conditions affecting their ability to achieve objectives and distinguish between risks and opportunities.

isec can perform gap assessments that help you identify gaps and vulnerabilities, meet requirements and manage your mitigation actions, either to get ready for an audit or simply to gain assurance that the business is secured.

We are able to provide your organization with a systematic overview of its compliance risks. Our experts are ready to perform gap assessments based on:

  • Banking regulations issued by national control authorities;
  • Digital platform regulations for alternative transport providers issued by national control authorities;
  • Standards such as ISO 27001, ISO 27002, ISO 27005, ISO 22301, ISO 27552, ISO 31000 and more;
  • Other specific regulations such as GDPR, eIDAS, PSD2, NIS (and the local equivalent laws) and more.

Generally, our assessment methodology follows these phases:

Planning phase – set up the sequence of activities, establish the necessary resources and key personnel, and gather the required information;

Execution phase – carry out on-site visits and interviews, check policies and procedures, test equipment and software, and verify security roles;

Reporting phase – analyze the collected data, then issue and present the Assessment Report.

Gap Assessment Report – includes the findings, points out areas of compliance and non-compliance, and gives recommendations for remediation.

Improvement Action Plan – includes a list of activities to be carried out for further improvement. The Action Plan is determined based on the severity of the non-compliant aspects identified.

  • Systematic overview of your organization’s compliance risks;
  • A gap assessment serves as a critical first step in the development of an overall risk management strategy;
  • Acknowledging compliance risks helps you reduce exposure to financial and reputational loss.