Gap Analysis and Scoping Exercise (Phase I)

In this phase, Orange Parachute evaluates your current information security program for conformance to ISO 27001 strategic, tactical, and operational requirements. Many organizations already have some form of an Information Security Management System in place, although it may be informal. We assess your current infrastructure for "re-usability", in order to not "re-invent the wheel". This assessment serves as a foundation for enhancing corporate governance and establishing a formal Information Security Management System (ISMS). Orange Parachute will also assist you in determining an ISO 27001 certification scope that is both beneficial and attainable. Often times, businesses bite off more than they can chew, not fully understanding the trade-off between benefit and level of effort. This results in many failed or overly complex certification initiatives. Our consultants have extensive experience developing effective and efficient Scope for ISMS related projects. This exercise in knowledge transfer will get your team thinking in new and creative ways.

Timeline: 1-week

Deliverables:

• ISO 27001 Assessment Tool
• Section 4-8 Mandatory controls
• Annex A Discretionary controls
• Written Gap Analysis Report
• Written Scope Statement

Next Phase: ISMS Framework Development