Comprehensive services delivered by experts

Qualified experts

Qualified experts

Our services are delivered by certified and experienced ISO lead auditors.

Complete review

Complete review

We help you assess all relevant ISO 27001 clauses and Annex A controls.

Comprehensive reporting

Comprehensive reporting

Get a detailed report with actionable advice to improve your compliance.

Flexible delivery

Flexible delivery

We’ll work around your schedule to minimise disruption to your business.

Get a clear view of your ISO complianceGet a clear view of your ISO compliance

Get a clear view of your ISO compliance

Our consultants are highly experienced ISO 27001 certified auditors and qualified to conduct a gap analysis in line with what your external certification body auditor will be looking for.

Our gap analysis service reviews existing policies, procedures, and technical controls to establish your readiness for ISO 27001 certification.

During the gap analysis, we will help you identify non-conformities and opportunities for improvement. We’ll also give you advice on any follow-up activities that may be required.


Uncover hidden threats on your cloud network with BulletproofUncover hidden threats on your cloud network with Bulletproof

Benefits of getting an ISO 27001 gap analysis

Our ISO 27001 gap analysis service provides a detailed review of your current information security posture against the requirements of the standard.

Carried out by a certified lead auditor, this service will give you an informed assessment of:

  • Your compliance gaps
  • The proposed scope of your ISMS (Information Security Management System)
  • Your internal resource requirements
  • The potential timeline to achieve certification readiness
  • Knowledge and information about the standard and how to achieve certification

GDPR compliance staff at BulletproofGDPR compliance staff at Bulletproof

Why choose Bulletproof?

Our ISO consultancy team is made up of highly experienced ISO 27001 certified auditors. We help businesses of all sizes audit, implement, and maintain their compliance standards, providing guidance on all aspects of the ISO standard.

We understand that every organisation has different priorities and requirements, which can make an audit process daunting. Our consultants work with you to ensure that your ISO gap analysis is not only comprehensive with clear report findings, but also causes minimal disruption to your business.

Here’s what our customers say about us

Start your ISO 27001 gap analysis journey today

If you are interested in our services, get a free, no obligation quote today by filling out the form below.

For more information about how we collect, process and retain your personal data, please see our privacy policy.


ISO 27001 gap analysis FAQs

What is an ISO 27001 gap assessment?

Our gap analysis reviews existing policies, procedures, and technical controls to establish your readiness for ISO 27001 certification. The output of our analysis is a detailed report which will tell you areas of non-compliance and provide remediation recommendations.

What should we expect from an ISO 27001 gap analysis?

  1. A Bulletproof consultant will interview key stakeholders in your organisation and answer any questions about the requirements of the standard you may have.
  2. Bulletproof consultants use the information gathered in the gap analysis assessment to produce a detailed report broken down by the clauses and Annex A controls so that you can easily see areas that need to be addressed prior to certification.
  3. After you have had time to review the report, we will arrange a follow up call to answer any questions and discuss next steps with you.

Do we need an ISO 27001 gap analysis?

If you are planning to achieve ISO 27001 certification, then a gap analysis is an excellent first step towards becoming certified. It will help you to identify what you need to do and how much resource you will need to achieve it. If you have already had a gap analysis or are part of the way through, we can review your progress to make sure you are ready for the next stage.

What information should we provide?

During the kick-off meeting, the consultant will advise you on what information they require from you, which may well include copies of existing policies, procedures and company processes.

Who will need to be involved in the gap analysis interviews?

The consultant will need to speak to a variety of different people in the organisation, including at the minimum staff from senior management, IT, and the HR departments. Prior to conducting the interview, the consultant will arrange a kick-off meeting where they will get an in depth understanding of your business and from this will advise you as to who else they need to speak to.

How long does a gap analysis take?

Typically, a gap analysis takes somewhere in the region of four days. However, time spent will depend on the size and complexity of your organisation.

Rest assured; all our work is fixed price. Once the scope of work is defined & agreed upon, we deliver regardless of the time it takes.

Additionally, we strive to make this a hassle-free process by being flexible with the interview slots to help you schedule in a time that suits you.

What happens after the gap analysis report?

We will follow up after the gap analysis to answer any queries and discuss next steps, including supporting your implementation, and other services we offer which can help you to achieve compliance.

Gap analysis resources

Our experts are the ones to trust when it comes to your cyber security

CREST approvedCREST approvedCREST approved
Payment card industry data security standardPayment card industry data security standardPayment card industry data security standard
ISO 27001 certifiedISO 27001 certifiedISO 27001 certified
ISO 9001 certifiedISO 9001 certifiedISO 9001 certified
Government G-Cloud supplierGovernment G-Cloud supplierGovernment G-Cloud supplier
Crown commercial service supplierCrown commercial service supplierCrown commercial service supplier
Cyber EssentialsCyber EssentialsCyber Essentials
Cyber Essentials PlusCyber Essentials PlusCyber Essentials Plus