Gap Analysis and IT Audit

A Gap Analysis is an activity that identifies, through a thorough examination, the gap between the actual security posture and a regulation, a law or any set of requirements. The output of the analysis is a precise description of the missing elements that are necessary to fill the identified gap.

An IT Audit is a formal process aimed at assessing compliance with a regulation, a law or a company’s policy. This activity is carried out on a selected sample of assets, following the ISO 19011:2003 guidelines and ISACA standards, in order to provide compliance and non-compliance results supported by evidence collected in the field. It can be performed internally (first-party audit), on behalf of an external purchasing entity (second-party audit), or externally (third-party audit). @ Mediaservice.net’s professional resources have accumulated solid experience, proven by LA27001, CISA, and ITIL accreditations.

 

Audit criteria

@ Mediaservice.net’s professional resources have accumulated solid experience in the IT audit field, proven by LA27001, CISA, and ITIL accreditations. The Gap Analysis and IT Audit services are usually performed in accordance with the following criteria:

  • ISO/IEC 27001:2013;
  • Privacy (D. Lgs 196/2003);
  • Computer crimes (D. Lgs 231/2001 art. 24bis and Law 48/2008);
  • ISO/IEC 20000-1:2005;
  • PCI DSS 3.0;
  • ISO 22301:2012;
  • BS 25777:2008.

 

Optional services

@ Mediaservice.net recommends, as an opportunity to optimize and broaden the relevance of the results provided by the described service, the following additional options:

  • Definition of treatment plans – support in the design, deployment, and monitoring of remediation tasks, in order to fix the detected non-compliances;
  • Risk Assessment – extended activity aimed at considering information security risks associated with the detected non-compliances, in order to correctly prioritize the remediation tasks;
  • Internal methodology definition – support in creating an internal methodology and defining a structured and complete audit plan, as required by most international regulations.
