IT & Infrastructure | Intermediate | 4 to 5 hours

ISO 27001 Gap Analysis

Run a gap analysis against the ISO 27001 controls for a South African (SA) SME that is considering certification.

The Scenario

A 120-person SA fintech wants to pursue ISO 27001 certification within 18 months. The CIO has asked for a gap analysis to baseline where the company stands today. You have access to the company's existing IT policies and operational practice.

The Brief

Produce a structured gap analysis against the Annex A controls of ISO 27001:2022. Group findings, prioritise remediation, and propose a 12-month roadmap.

Deliverables

  • A gap analysis matrix covering at least 20 representative Annex A controls with: control name, current maturity (0 to 5), evidence available, gap description, and remediation owner
  • A grouped findings summary calling out the top three control families with the largest gaps and the business risk of those gaps
  • A 12-month remediation roadmap sequenced into Quick Wins (first 90 days), Foundational (months 4 to 9), and Pre-Audit (months 10 to 12)
  • A short executive narrative (under 500 words) suitable for the executive committee (exco), describing the certification journey, the cost band, and the role each function will play

Submission Guidance

ISO 27001 is not a tooling exercise. Most certification failures come from missing documented processes, missing audit evidence, and missing management review cadence. Score gaps with that lens, not just whether a tool is installed.
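The matrix in the deliverables and the scoring lens above (documented process, audit evidence, not just an installed tool) can be captured in a small script. The following is an added example, not part of the challenge brief: control IDs and names are taken from ISO 27001:2022 Annex A, while the target maturity, the penalty weights, the phase-assignment rule and the seven sample assessments are constructed assumptions for illustration.

```python
"""Score an ISO 27001:2022 Annex A gap matrix and bucket findings into a roadmap.

Added example, not part of the challenge brief. Control IDs and names follow
ISO 27001:2022 Annex A; maturity values, flags and the scoring/phase rules are
constructed assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumed "audit-ready" maturity on the brief's 0-5 scale.
TARGET_MATURITY = 3

# ISO 27001:2022 groups Annex A controls into four themes by clause number.
THEMES = {"5": "Organizational", "6": "People", "7": "Physical", "8": "Technological"}


@dataclass(frozen=True)
class ControlAssessment:
    control_id: str           # e.g. "A.5.9"
    name: str
    maturity: int             # 0 to 5, as in the brief's matrix
    process_documented: bool  # is there a written, approved process?
    evidence_available: bool  # could an auditor be shown records today?
    owner: str                # remediation owner

    @property
    def theme(self) -> str:
        # "A.5.9" -> clause "5" -> "Organizational"
        return THEMES[self.control_id.split(".")[1]]


def gap_score(c: ControlAssessment) -> int:
    """Maturity shortfall plus penalties for what auditors actually sample:
    a missing documented process costs more than a missing evidence trail,
    and a tool with no records behind it still scores a gap (assumed weights)."""
    score = max(0, TARGET_MATURITY - c.maturity)
    if not c.process_documented:
        score += 2
    if not c.evidence_available:
        score += 1
    return score


def gaps_by_theme(assessments) -> dict:
    """Aggregate gap score per Annex A theme (control family)."""
    totals = defaultdict(int)
    for c in assessments:
        totals[c.theme] += gap_score(c)
    return dict(totals)


def top_families(assessments, n: int = 3) -> list:
    """Control families with the largest aggregate gap, largest first."""
    totals = gaps_by_theme(assessments)
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def roadmap_phase(c: ControlAssessment) -> str:
    """Assumed sequencing rule: write missing processes first (they must run
    for a while before evidence exists), close small documented gaps early,
    and use the final quarter to build the evidence trail."""
    score = gap_score(c)
    if score == 0:
        return "Already adequate"
    if not c.process_documented:
        return "Foundational"
    if c.evidence_available and score <= 1:
        return "Quick Wins"
    return "Pre-Audit"


def roadmap(assessments) -> dict:
    """Map each phase to the control IDs assigned to it, in input order."""
    phases = defaultdict(list)
    for c in assessments:
        phases[roadmap_phase(c)].append(c.control_id)
    return dict(phases)


def matrix_markdown(assessments) -> str:
    """Render the matrix as a Markdown table, largest gap first."""
    rows = ["| Control | Maturity | Process | Evidence | Gap score | Phase | Owner |",
            "|---|---|---|---|---|---|---|"]
    for c in sorted(assessments, key=gap_score, reverse=True):
        rows.append(f"| {c.control_id} {c.name} | {c.maturity} | "
                    f"{'yes' if c.process_documented else 'no'} | "
                    f"{'yes' if c.evidence_available else 'no'} | "
                    f"{gap_score(c)} | {roadmap_phase(c)} | {c.owner} |")
    return "\n".join(rows)


# Constructed sample: seven controls a 120-person fintech might assess first.
SAMPLE = [
    ControlAssessment("A.5.1", "Policies for information security", 2, True, True, "CISO"),
    ControlAssessment("A.5.9", "Inventory of information and other associated assets", 1, False, False, "Head of IT"),
    ControlAssessment("A.5.24", "Information security incident management planning and preparation", 1, False, True, "CISO"),
    ControlAssessment("A.6.3", "Information security awareness, education and training", 3, True, False, "HR"),
    ControlAssessment("A.7.1", "Physical security perimeters", 3, True, True, "Facilities"),
    ControlAssessment("A.8.8", "Management of technical vulnerabilities", 4, True, False, "Head of Engineering"),
    ControlAssessment("A.8.15", "Logging", 2, False, True, "Platform Lead"),
]

if __name__ == "__main__":
    print(matrix_markdown(SAMPLE))
    print("\nLargest gaps by family:", top_families(SAMPLE))
    print("Roadmap:", roadmap(SAMPLE))
```

Note how A.8.8 (vulnerability management) has the highest maturity in the sample yet still lands in the Pre-Audit phase: the scanner is running, but there is no evidence trail an auditor could sample, which is exactly the failure mode the guidance above warns about. Extending the sample to the 20-plus controls the brief asks for only means adding rows to `SAMPLE`; the theme grouping and phase assignment carry over unchanged.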

Submit Your Work

Your submission is graded against the rubric on the right. If you pass, you get a public Badge URL you can share on LinkedIn. There is no draft save, so work offline first and paste your finished response here.

By submitting, you agree your submission text, name, and evaluation will appear on a public Badge URL.