Cyber security and the wider concept of information security are of significant and growing interest to organisations globally. The result is that many are looking to implement an ISMS (Information Security Management System). There are numerous frameworks available on which to base an ISMS, and they all have their individual merits. However, the ISO27001 standard is now being widely adopted as the leading model. It is especially valuable for organisations that need to provide formal assurance or certification to clients or other interested parties.
ISO27001 is closely aligned with the current versions of other management system standards (such as ISO9001 Quality, ISO14001 Environment, and ISO45001 Occupational Health & Safety). This offers another significant advantage. It provides a great opportunity to establish an integrated management system for savings on administration and certification.
Taking the first step
Conducting a Gap Analysis is the first step to establishing your ISMS. A Gap Analysis is a check of the current system and controls against the requirements of ISO27001. The analysis can be performed in-house or with the help of a professional consultant. Either way, a Gap Analysis checklist is essential.
New, fully integrated Gap Analysis Tool
Qudos are proud to announce the release of the fully-integrated Gap Analysis software tool in Qudos 3 IMS software. This offers a full ISO27001 checklist with verification and results fields. Each item may be linked to independently assigned Actions to address any gaps identified. These Actions may be easily monitored for progress until the gaps are closed out. This powerful tool is available now on all cloud-hosted installations of Qudos 3 and will shortly be released for on-premise installations. It is just the latest in a series of Gap Analysis tools for ISO management system standards - others include ISO9001 Quality, ISO14001 Environment, and ISO45001 Occupational Health & Safety.
Contact us for further details about the new Gap Analysis tool or Qudos 3 in general, for professional information security services, and ISO27001 certification. We also have an introduction to ISO27001 - available on request.