RM Studio’s Gap Analysis is an assessment that lets users determine the state of the organization’s compliance with a standard (ISO/IEC 27001), a regulation (EU GDPR), or a control framework (NIST SP 800-53 r4). The Gap Analysis is best used to establish the organization’s current baseline, that is, its starting point in terms of meeting the specific requirements of a standard or regulation. Users should also use the Gap Analysis to establish which mitigating controls are necessary, which are not applicable to the organization, and which controls have already been implemented successfully. Essentially, the Gap Analysis can answer two questions:

For ISO/IEC 27001:2013, users need to run the Gap Analysis against the requirements as well as the Annex A control set (ISO/IEC 27002:2013). Users can execute one gap for the requirements (ISO 27001) and a second gap for the control implementation guidance (ISO 27002). A single gap covering both ISO 27001 and ISO 27002 can be created and analyzed, but only the controls (ISO 27002) will be applied to the Risk Treatment.
5. Gap Analysis
Gap Analysis Relationship Visualization