Good day Dejan, I have been going through your materials and I am about to purchase the ISO 27001 Documentation Toolkit English (with live expert support) because I have received the message below from a potential client.
Hi, I have a client who would like us to submit a proposal to perform an information security and POPIA compliance gap analysis.
The overall purpose of this analysis is to identify the level of compliance and potential gaps that might exist from an Information Security perspective when measured against ISO 27000, and Data Privacy as measured against POPIA.
1. Report of Cyber Security Gaps along with the recommendations and a roadmap to resolve these gaps
2. Report of POPIA Compliance Gaps along with the recommendations and a roadmap to resolve these gaps
3. Presentation to the client of the findings of the audit exercise
4. A penetration test report
Response Requirements
The following should be included in the response:
• Specific Deliverables
• High-level timelines
What do you advise as to how to proceed with responding to the approach and specific deliverables?
For deliverables 1, 2, and 3, a good approach would be to develop checklists based on ISO 27001 and POPIA requirements to perform the gap analysis, along with plans on how to apply them and specific timelines. Besides the reports themselves, additional deliverables would be these checklists and plans.
Regarding deliverable 4, sorry, but this deliverable requires technical expertise that is out of our scope of work.
These tools can help you get a general idea of the gap analysis:
Free ISO 27001 Gap Analysis Tool https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/
EU GDPR Readiness Assessment Tool https://advisera.com/eugdpracademy/eu-gdpr-readiness-assessment-tool/
Since gap analysis has similarities with internal audit, you may benefit from this material:
ISO 27001/ISO 22301 Internal Audit Toolkit https://advisera.com/27001academy/iso-27001-22301-internal-audit-documentation-toolkit/
For further information, see:
How similar is the South African POPIA to the EU GDPR? https://advisera.com/eugdpracademy/blog/2021/08/23/how-similar-is-the-south-african-popia-to-the-eu-gdpr/
How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/