Cyber Attacks on organizations are on the rise, hitting company’s sensitive information and data. Pressuring organizations to pay ransoms to recover data and to prevent release of confidential and sensitive data to the public, customers and competitors. Many companies have had ransom demands soar into the millions.

In 2021 and 2022 many Asian and European Automotive OEMs began requiring suppliers to implement better information security systems. These requirements include many of the ISO 27001 requirements along with automotive specific TISAX (Trusted Information Security Assessment Exchange) requirements.

ISO 27001 is a recognized standard that organizations use to audit and certify their Information Security Management System (ISMS). Being awarded an ISO 27001 certification demonstrates that the organization has known management procedures to protect the confidentiality, integrity, and availability of the organization’s IT infrastructure.

When you do your gap analysis depends on where you are implementing your Information Security Managemen System (ISMS).

If you are just starting you need to combine your risk assessment along with your gap analysis.  In this case your analysis by definition will show many gaps, but it will provide a road map to implementing the ISMS.

Be sure you have purchased the ISO 27001 standard from ISO.org directly.