Headlines

- ISO17799 is the internationally accepted standard for Information Security management
- a number of regulating agencies, including the Data Protection Commissioner, have declared ISO17799 a benchmark for prudent and competent practice
- expert, independent assessment of the gap between current security management and an implementation of ISO17799 appropriate to the organisation
- identifies:
  - improvements in security based upon industry best practice
  - achievement and shortfall in ISO17799 control areas relevant to the business
  - plan of activities for ISO17799 compliance
  - expert comment on formal ISO17799 certification
Issues

ISO17799 is the internationally accepted standard for Information Security management. Organisations of all sizes have identified the value of compliance, either pursuing formal certification through accreditation agencies, or adopting the standard by implementing ISO17799 as their guiding framework for internal security management.

This has been reinforced by a number of regulating agencies, including the Data Protection Commissioner, declaring ISO17799 their benchmark for prudent and competent practice. There is also growing support within government contracting circles for ISO17799 to become a mandated standard in future.

The pressures to comply with ISO17799 are clearly building, but the scope of the Standard is wide, and experienced, professional interpretation and guidance is essential for effective and economical application.

It can be difficult for an enterprise to make objective, well-informed decisions about how to cost-effectively adopt the Standard and whether to seek formal certification. A sensible first step is to commission an independent, expert review to assess how current practices measure up to the Standard and compare with accepted industry practice.
Approach

The gap analysis is essentially an audit focused on identifying an appropriate implementation of ISO17799 for the organisation and outlining the improvements required to achieve it.

The steps followed are:

- review the Information Security Policy and advise on and agree the scope of the Information Security Management System
- conduct a Risk Assessment Workshop
- agree control objectives (Statement of Applicability)
- review controls (interview, observation, inspection)
- Information Security Management status report and findings workshop
- agree the gap analysis
- final report with recommendations for improvement and options for implementation of ISO17799
Customer benefits

Provision of an expert, independent assessment of the gap between current security management and an implementation of ISO17799 appropriate to the customer's organisation, including:

- recommendations on business areas, systems and processes requiring improvements in security based upon industry best practice
- statement of achievement and shortfall in ISO17799 control areas relevant to the business
- outline plan of activities for ISO17799 compliance
- expert comment on the advisability of seeking formal ISO17799 certification