GAP Analysis

A GAP analysis aims to establish where the company should be and where it actually is today. It should always be based on a risk assessment strategy and compare the company's current state with best practice within GDPR and IT security.

GlobalSequr bases its work on the ISO27000 framework, and we perform two types of GAP analyses:

  • GDPR (General Data Protection Regulation)
  • IT security

In some cases, we combine the two GAP analyses, and in others we focus solely on one of the areas.

All companies in the EU must live up to GDPR

The EU's political bodies have reached agreement on the new GDPR, which will enter into force in Denmark on 25 May 2018. From then on, all companies must comply with the regulation, with fines of up to €20 million or 4% of revenue.

The main purpose of the GDPR is to make companies better at protecting personal data. The legislation covers three main areas:

  • Compliance (examples)
      • What types of data does the company have?
      • Does the company have the right processes and procedures?
  • IT security (examples)
      • How does the company map its data?
      • Is there control over log management, encryption, etc.?
  • Law (examples)
      • What should the company comply with in terms of legislation?
      • Are there areas that should be delimited?

GlobalSequr's GDPR GAP analysis has been mapped to the requirements of the General Data Protection Regulation and to ISO27002.

IT security

In many companies, there is a growing awareness that data may be the most important thing they have. For each company, it is about finding out what the worst possible scenario would be. Some companies have critical data they want to protect; for others, what matters is that operations cannot be disrupted.

If the company needs an overview of what level of security it should have, the most reasonable approach is to find out what is missing, prioritize, and identify which solutions offer the most value for money.

At GlobalSequr we operate with 2 levels:

  • GAP analysis without pressure testing
  • GAP analysis with pressure testing

At Level 2, we have defined a number of areas where we test whether the different IT security products are configured correctly, whether the products contain the protection and features they should, and whether the processes/procedures are in place.

Method

GlobalSequr has some of the market's top specialists in GDPR and IT security. Besides broad experience, we can also quickly and professionally conduct a GAP analysis according to best practice and relate it to the company's risk profile and strategy.

Our methodology is as follows:

Overview

Once the GAP analysis is complete, your business is ready to prioritize, set a budget, find external partners and allocate the internal resources needed to reach its goals of reducing your risks, complying with the GDPR legislation and achieving the required level of IT security.