|
Orange Parachute has extensive experience conducting ISO 27001 Gap Analysis for clients worldwide.
Goals
- The existing information security program infrastructure is analyzed for conformance to ISO 27001 strategic, tactical, and operational requirements
- Existing security program infrastructure is assessed for "re-usability" so as not to "re-invent the wheel" while moving toward ISO 27001 conformance or certification
- ISMS Development Strategy is defined and documented
Deliverables
- Gap Analysis
- Orange Parachute ISO 27001 Assessment Tool
Sections 4-8 and Annex A components - Utilizes Capability Maturity Modeling Index for rating maturity of each control area
- Contains graphical results dashboard
- Reusable by client for internal needs
- Written Gap Analysis Report
CLIENT's existing Information Security Program is analyzed and existing state documented. Orange Parachute will highlight important services as well as any areas of concern. This will include, but is not limited to:- Information security practices
- Risk assessment/management methodology
- Existing security management implementation and operations
- Information security governance strategy
- CLIENT ISMS Structure (i.e. "Framework")
The Orange Parachute ISMS Framework is a visual representation of ISMS components. These underlying components include: People, Documents, Committees, Processes, Controls, etc. If CLIENT has an existing Framework in place, Orange Parachute will utilize the existing Framework components and tweak as necessary. If not, the Orange Parachute ISMS Structure is a perfect place to start. - Initial CLIENT ISMS Structure is developed
- Clearly defined scope of services to be delivered to CLIENT business units by the Information Security Program Office