IT & InfrastructureIntermediate 4 to 5 hours

ISO 27001 Gap Analysis

Run a gap analysis against ISO 27001 controls for an SA SME considering certification.

The Scenario

A 120-person SA fintech wants to pursue ISO 27001 certification within 18 months. The CIO has asked for a gap analysis to baseline where the company stands today. You have access to the company's existing IT policies and operational practice.

The Brief

Produce a structured gap analysis against the Annex A controls of ISO 27001:2022. Group findings, prioritise remediation, and propose a 12-month roadmap.

Deliverables

  • A gap analysis matrix covering at least 20 representative Annex A controls with: control name, current maturity (0 to 5), evidence available, gap description, and remediation owner
  • A grouped findings summary calling out the top three control families with the largest gaps and the business risk of those gaps
  • A 12-month remediation roadmap sequenced into Quick Wins (first 90 days), Foundational (months 4 to 9), and Pre-Audit (months 10 to 12)
  • A short executive narrative (under 500 words) suitable for the exco describing the certification journey, cost band, and the role each function will play

Submission Guidance

ISO 27001 is not a tooling exercise. Most certification failures come from missing documented processes, missing audit evidence, and missing management review cadence. Score gaps with that lens, not just whether a tool is installed.

Submit Your Work

Your submission is graded against the rubric on the right. If you pass, you get a public Badge URL you can share on LinkedIn. There is no draft save, so work offline first and paste your finished response here.

This appears on your public Badge.

We'll email you the permanent link to your Badge so you never lose it. Not shown publicly.

0/20000 charactersMarkdown supported

One per line or comma separated. Up to 5 links.

Loading security check...

By submitting, you agree your submission text, name, and evaluation will appear on a public Badge URL.