The purpose of a GRC Gap Assessment is to identify missing elements of a security program as compared to a specific framework. Gap Assessments are typically conducted to compare the implemented administrative, physical, and technical controls of an organization with the standards depicted in an established framework.
Gap Assessments are conducted for the benefit of the client, to allow them to establish a baseline or understand how they would score in an audit against a specific governance framework. Upon completion, the client organization will have an understanding of what aspects of the assessed framework are implemented and operating effectively, and what aspects require additional work.
RedLegg provides gap assessment services for the following frameworks: