This tool has a very specific, high-level purpose in any ISMS project, which is to quickly and clearly identify the controls and control areas in which an organisation does not conform to the requirements of the standard.

It is designed to help prioritise work areas in initial project planning and for final, pre-certification audit review of the ISMS.

It is not designed to carry out a detailed gap analysis, as this requires a far more granular approach to assessing an organisation’s current information security control structure. 

The ISO 27002:2013 ISMS Controls Gap Analysis Tool:

• Is a self-assessment questionnaire.
• Addresses all 114 controls in ISO 27002:2013.
• Provides a clear, colour-coded, control-by-control report on the extent of adoption of the guidance in ISO 27002.

This tool is designed to work in any Microsoft environment; it does not need to be installed like software, and it does not depend on complex databases. It is reliant on human involvement.

Download this tool and complete your gap analysis.