Ascertain structure of organization and scope of Information Security (IS) requirement
Establish the extent of compliance with the mandatory requirements of ISO 27001
Using the 133 controls listed in ISO 27002 (the Code of Practice) as a framework, identify primary gaps in the information security controls in place within the organization.
Identify principal information assets and relative value to the business.
Assess policy / procedural/technical IS improvements that would be necessary to achieve compliance with the ISO 27001 standard.
Report on findings of gap analysis and make recommendations for remedial action/strategy to achieve compliance with the requirements of ISO 27001.