£3,250.00 excl VAT

A specialist, in-person review of your current information security posture against the requirements of ISO/IEC 27001:2013.

Get the true picture of your ISO 27001 compliance gap, and receive expert advice on how to scope your project and establish your project resource requirements.

Our ISO 27001 Gap Analysis will provide you with an informed assessment of:

  • Your compliance gaps against ISO 27001;
  • The proposed scope of your ISMS (information security management system);
  • Your internal resource requirements;
  • The potential timeline to achieve certification readiness
What to expect:
An ISO 27001 specialist will interview key managers and perform an analysis of your existing information security arrangements and documentation.
Following this, you will receive a gap analysis report of the findings. It will detail areas of compliance and those requiring improvement, and provide further recommendations for the proposed ISO 27001 compliance project.
The report includes:
  • An overview of the state and maturity of your information security arrangements;
  • A summary of the specific gaps between these arrangements and the requirements of ISO 27001;
  • Options for the scope of an ISMS, and how they help to meet your business and strategic objectives;
  • An outline action plan and indications of the level of internal management effort required to implement an ISO 27001 ISMS; and
  • A compliance status report (red/amber/green) against the management system clauses (clause-by-clause), as well as the information security controls (control-by-control) described in ISO 27001:2013.
Why get a customised, in-person gap analysis?
Questionnaire-based gap analyses don’t provide the level of expert analysis and insights you get from a specialist. With an in-person gap analysis, you will have a clear idea of the proposed scope of the ISMS, be able to set realistic project expectations, and obtain customised and detailed information necessary to develop a strong business case for implementing an ISO 27001-compliant ISMS.


  • The price quoted is applicable for organisations with up to 250 employees and 1 major site (location).
  • If your business is located outside mainland UK (England, Scotland and Wales), additional expenses will be charged to accommodate our consultant’s travel for the on-site assessment.
  • The time required to complete the gap analysis often depends on the size and complexity of the organisation, but the final report will normally be delivered within ten working days of the initial site visit(s)/remote assessment. If the exercise is likely to take longer than this because of organisational complexity, we will tell you at the outset.