

ISO27001 Gap Analysis

Have you identified all your cyber risks? Do you have appropriate information security controls in place?

ISO/IEC 27001 is the internationally recognised standard for effective information security management. Our ISO 27001 Feasibility and Gap Analysis Service will show you what you need to do to achieve certification - for a fee that will be dwarfed by your potential savings in breach costs, fines, and reputational damage. Your current practices may be much closer than you think!


Consider these facts:

  • 51% of cybercrimes are committed by an insider – and are usually more costly than external breaches.
  • 77% of senior managers in the UK now consider information security to be a top priority.
  • 4-5% of its IT budget is what the average UK company now spends on information security – research suggests that leading companies are spending more than 10%.
  • 90% of organisations are maintaining or increasing their security budgets through the recession.
  • £2.2 million ($3.4 million): the average cost of a data breach in 2009 (USA, UK, Germany, France, Australia).
  • 15% of large organisations were penetrated by hackers in 2010.
    [Source: PwC]

You need to be sure that you are spending enough to avoid this sort of loss. Your customers, stakeholders and government also need to be sure that you have information security and cyber risk under control. ISO27001 is how you show them.

Our ISO27001 Feasibility and Gap Analysis Service will tell you:

  1. What your security baseline looks like;
  2. Where the significant cyber security gaps are;
  3. How close you are to ISO27001-certification readiness.

Note, this applies to both the ISO27001:2005 standard and the new ISO27001:2013 standard published on 01 October 2013. 

This unique, innovative service, delivered by IT Governance expert consultants, will help you answer those questions. Contact us today and arrange for one of our expert consultants to conduct an on-site information security gap analysis. As part of our consultancy package, we will:

  • Take you through the significant cyber threats faced by your organisation, and contextualise them for your specific business environment;
  • Identify the other high level, strategic and compliance risks to your information and ICT infrastructure;
  • Identify the key baseline controls that you currently have in place to protect against those risks and the critical security gaps you need to close;
  • Identify whether or not you would benefit from ISO27001 certification, identifying in business terms both the benefits and the dis-benefits to you of pursuing certification;
  • Review the potential scope of an ISO27001 project, linking our cyber security gap analysis to an ISO27001 gap analysis to give you a single coherent action plan;
  • Assess your current resources in terms of the likely project requirements and set out the options for closing identified gaps and, if appropriate, implementing ISO27001: self-help; a combination of training, tools and self-help; or external consultancy support, guidance and resources;
  • Provide a summary of your business case for closing cyber security gaps and, if relevant, pursuing ISO27001, comparing likely costs of implementation with expected benefits.

At IT Governance, we are conscious that you must justify your IT expenditure in terms of ROI. Our ISO27001 Feasibility and Gap Analysis Service will help you do exactly that. And our own professional fees will be dwarfed by your potential savings in breach costs, fines, and reputation damage.

Why use IT Governance for this unique service?

  1. Well, it is a unique service – we’ve pioneered this fixed-price approach to providing a combination of critical security information and financial benefits analysis;
  2. We are the ISO27001 and cyber security experts – we’ve been doing this since long before ISO27001 was published;
  3. We are vendor-neutral and customer-aligned – we’re not in business to sell you a hardware or software package that you don’t really need;
  4. We offer a unique range of services that can be tailored exactly to your needs – from simple publications through training and self-help toolkits to full-blown consultancy.

You can see some of the organisations that have used us to tackle their cyber risk and information security challenges.

The IT Governance ISO27001 Feasibility Study and Gap Analysis usually takes just one day on site for a typical SME company, plus a day of report writing – although, for large and complex organisations, it can (as you would expect) take a few days more. We have a standard price tariff for small, medium and large-size organisations – see the table below. We keep things simple, yet we provide the highest quality, tested approach to security compliance and best practice.

Here are our current rates:

Sites   Employees     Duration*   Price
1       19 or fewer   1 day       £950
1       20-50         1.5 days    £1,250
1       51-100        2 days      £1,850
1       101-250       3 days      £2,850
1       251-500       5 days      £4,750
1       501-2000      7 days      £5,900
-       2001+                     On request

Let’s talk. It pays to be cyber secure. Contact us today - Email or call

0845 070 1750

You will be joining hundreds of UK companies that regard IT Governance as a global leader in ISO27001 information security.

Consultancy services from IT Governance:

IT Governance can help you to implement projects involving:

ISO27001 Solutions

