Case Studies

ISO 27001 Gap Assessment (UBT)

The Client

A globally dispersed B2B services organisation that provides a range of services to small and medium-scale businesses on a subscription-based model.

The Objective

The client wanted a gap assessment of its ISMS against the ISO 27001 standard, with the intention of developing a roadmap for compliance. A key challenge was that each geographical region had an independent approach to its own ISMS, so each region needed to be assessed independently, within very tight budgetary constraints.

Centropy's Approach

To minimise the consulting effort of administering a separate gap assessment for each regional operation, Centropy used a survey-based approach to gather information about the existence of various controls and policies. An online survey tool was developed with simple closed-ended questions covering all 118 control areas within the ISO framework, with additional options to expand on responses and upload evidence as required.

What We Achieved

  1. Low-cost assessment and evidence gathering
  2. Visibility for the Global CIO on consistent gaps across all regions
  3. Ability to prioritise areas of improvement for short-term quick wins, with a view to bringing all regions to a consistent level, alongside longer-term maturity uplift targets.

Relevance

# Cyber Security, # ISO 27001, # Policies & Procedures, # ISMS