ISO 27002 Information Security Controls Gap Analysis Tool

Fully aligned with ISO 27002:2022

• Aligned with ISO/IEC 27002:2022.
• Quickly and clearly map your current information security measures.
• Assess your control stance against ISO 27002.

The ISO 27002 Information Security Controls Gap Analysis Tool will help your organisation identify the extent to which its control stance meets the guidance in the Standard.

This tool is designed to support your organisation in its initial project planning of the ISMS (information security management system) security controls, and quickly and easily map your current information security measures against ISO/IEC 27002:2022 requirements. The control categories are on different tabs within the workbook, so you can clearly establish areas for development and plan and prioritise your project effectively.

There is also an executive summary tab with graphs and tables that automatically analyse the inputted responses, showing the number of questions completed, how many controls have been fully implemented, and implementation progress for each control category.

What does the tool provide?

• A self-assessment questionnaire covering all 93 controls from ISO 27002:2022.
• An Excel workbook separated into the four control categories: Organizational, People, Physical and Technological. Each control category has its own tab for ease of use.
• Use your own document references against specific ISO 27002 clauses and add issues and comments, so you can track and organise your project.
• An executive summary tab with tables and graphs that show, by control category, gap analysis questions completed, control category implementation percentages and implementation progress.
• A clear indication of compliance, and comprehensive analysis of your compliance against the Standard, to highlight areas of development and help you plan and prioritise your project effectively.

The tool is designed to work in any Microsoft environment; it does not need to be installed like software, and does not depend on complex databases. It is reliant on human involvement.

The tool is not designed for conducting a detailed gap analysis or audit, which require granular compliance assessment. If you require specialist help in this area, please contact us.

For more information read our FAQ here.