ISMS readiness

ISO 27001 Gap Analysis Tool

Map your information-security controls against ISO/IEC 27001, surface the gaps, and build toward a certifiable ISMS - with the risk assessment and evidence to back it.

ISO/IEC 27001 sets out the requirements for an information security management system (ISMS). A gap analysis tells you how far your current controls are from those requirements - and what to do about it.

What the gap analysis covers

Built toward certification, not a replacement for it

ISO 27001 certification is issued by an accredited certification body after an independent audit. This tool does not certify you - it gets you ready: organised controls, a clear risk picture, and the evidence a certification audit will ask for. It pairs with the cyber risk register so your ISMS risks live in one place.

Note: Cyber Compliance is a self-assessment and reporting aid, not a certification, an audit or legal advice. Its outputs help you prepare for certification and track gaps; confirm your position with a qualified auditor, certification body or legal adviser before relying on them.

Frequently asked questions

What is ISO 27001?

ISO/IEC 27001 is the international standard that specifies the requirements for an information security management system (ISMS) - a systematic way to manage the risks to the information an organisation holds.

Can this tool certify us to ISO 27001?

No. Certification is issued by an accredited certification body after an independent audit. The tool helps you prepare - mapping controls, finding gaps and collecting evidence.

What is a Statement of Applicability?

The Statement of Applicability (SoA) records which controls apply to your ISMS, whether each is implemented, and the justification for including or excluding it (ISO/IEC 27001 clause 6.1.3). The tool helps you capture the inputs for it as you work through the gap analysis.

Start your free trial