
Companies considering certification to the international information security standard ISO 27001 often commission a gap audit to find out, at a high level, what they are missing. Many of these gap audits identify the same areas that are not yet in place, such as reviewing user access rights and security in supplier agreements. This article should help your organization if you are considering ISO 27001, or wish to ensure you comply with best practice.
This article draws on a review of 20 gap audit reports for a variety of organizations, including public sector organizations, global enterprises, financial, manufacturing, and technology companies. Most organizations have many of the controls in place already, such as security in Human Resources, password management systems, and physical security controls. However, these audits show that many of the organizations shared gaps in their information security controls. This is certainly not an exhaustive list of gaps, but it may help give you an understanding of the broader requirements of implementing an Information Security Management System (ISMS).
Click below to download the full article, or get it from our website at Insight and Resources > Publications > Articles.







