ISO 27001 Gap Assessment

Know where you stand before you commit to certification.

An ISO 27001 gap assessment gives you an independent, structured view of your current information security posture against the requirements of ISO/IEC 27001:2022. It identifies what you have, what you are missing, and what needs to change before you are ready for formal certification.

Assurance Bureau delivers gap assessments that are honest, practical, and free of the sales pressure that comes from assessors who also sell implementation services.

What is an ISO 27001 Gap Assessment?

ISO/IEC 27001:2022 is the internationally recognised standard for information security management systems (ISMS). Achieving certification demonstrates to customers, government, and regulators that your organisation manages information security risk systematically and to an internationally recognised standard.

A gap assessment is typically the first step in a certification journey. It measures your current state against the full requirements of the standard, covering:

  • Clauses 4 to 10 (the ISMS requirements)

  • Annex A controls (93 controls across four themes: Organisational, People, Physical, and Technological)

The output is a clear picture of your readiness and a prioritised remediation roadmap.

What you receive

  • A structured assessment against ISO 27001:2022 clause and Annex A requirements

  • A findings register identifying conformant areas, gaps, and areas requiring further development

  • A prioritised remediation roadmap with practical guidance on addressing gaps

  • An indicative readiness rating for certification

Who this is for

  • Organisations preparing for ISO 27001 certification for the first time

  • Organisations responding to a customer or government requirement to achieve certification

  • Organisations that have implemented controls informally and want to understand their certification readiness

  • Organisations that completed a gap assessment some time ago and want a current-state review ahead of Stage 1 audit

Why Assurance Bureau

  • Certified ISO 27001:2022 Lead Auditor and Lead Implementer

  • Experience conducting ISO 27001 audits for certification bodies and internal audit clients across government, healthcare, and regulated industry

  • Independent assessor with no conflict of interest from selling implementation services

  • Sole-operator model means you work directly with your auditor throughout

Get in touch

Ready to understand your ISO 27001 readiness? Contact us to discuss scope and arrange a no-obligation conversation.