Governance Based Gap Assessments
The purpose of a GRC Gap Assessment is to identify the elements of a security program that are missing or incomplete when measured against a specific framework. A Gap Assessment compares the administrative, physical, and technical controls an organization has actually implemented with the requirements defined in an established framework.

Gap Assessments are conducted for the benefit of the client, allowing them to establish a baseline and to understand how they would score in a formal audit against a specific governance framework. Upon completion, the client organization will know which requirements of the assessed framework are implemented and operating effectively, and which require additional work before an audit.

RedLegg provides gap assessment services for the following frameworks:

  • 23 NYCRR 500
  • GDPR
  • ISO 27001/27002
  • NIST frameworks and publications, including:
    • NIST Cybersecurity Framework
    • NIST SP 800-171
    • NIST SP 800-53
  • PCI Trusted Advisor