ISO 27001 Gap Analysis
Assess your current information security management system against every ISO 27001 requirement and Annex A control to identify gaps before your certification audit.
ISO 27001 Gap Analysis
Gap analysis tool for assessing security controls and ISMS readiness against ISO 27001.
- Instant download after payment
- Editable Microsoft Word & Excel
- Download links emailed to you
- 30-day money-back guarantee
Try the tools, then preview the documents
Our kits are not static PDFs. The Excel tools calculate live, and every Word document is fully written and editable. Try the live tool, then flip through real samples of what you download.
Try the live audit dashboard
Change an answer below and watch the score, chart and readiness update instantly — exactly how your purchased Excel checklist works, across every clause.
The full Excel checklist scores 110+ questions with auto charts, a Pareto of root-causes and a RAG dashboard.
Preview the actual documents
Real extracts from the kit — the quality you download, in your own words to edit.
Information Security Management System Manual
Section 6.1 — Actions to address risks and opportunities
6.1.2 Information security risk assessment
The organization runs a defined and repeatable process for assessing information security risk. The criteria for performing assessments and for accepting risk are set out in advance, so that repeated assessments give consistent and comparable results.
Risks to the confidentiality, integrity and availability of information within scope are identified. Each risk is given an owner, analysed for likelihood and consequence, and weighed against the acceptance criteria to set its priority for treatment.
6.1.3 Information security risk treatment
For each risk that needs treatment, a treatment option is selected — modify, retain, avoid or share — and the controls required to deliver it are determined. The chosen controls are checked against the reference set in Annex A to confirm nothing has been missed, and the outcome is captured in the Statement of Applicability.
Instant download · editable Word & Excel · 30-day money-back guarantee
What Is a Gap Analysis?
A gap analysis compares your organisation's current practices against the requirements of ISO 27001. It highlights where you already conform, where partial implementation exists, and where significant gaps need to be addressed before you can achieve certification.
Running a gap analysis early in your implementation project helps you prioritise effort, allocate resources effectively, and set a realistic timeline for certification readiness.
What's Included
- Clause-by-clause gap analysis covering Clauses 4 through 10 with maturity ratings
- Annex A controls assessment across all 93 controls with implementation status tracking
- Traffic-light scoring system to visualise conformity, partial conformity, and non-conformity
- Priority action plan template for addressing identified gaps
- Summary dashboard showing overall readiness percentage by clause and control theme
- Space for evidence notes and responsible person assignment
How to Conduct the Gap Analysis
- Gather existing documentation — collect current policies, procedures, risk registers, and audit reports
- Assess each clause — rate your conformity level for every requirement in Clauses 4 to 10
- Evaluate Annex A controls — determine the implementation status of each applicable control
- Identify priority gaps — focus on high-risk areas and requirements that need the most work
- Create an action plan — assign owners, set deadlines, and track progress towards closing each gap