GAP Assessment
The ISG Compliance team conducts an information security gap
assessment to compare the current security program against
overall best security practices and to shed light on areas where
vulnerabilities and risks may be lurking.
An information security gap analysis identifies the information
security gaps that may exist within an organization by comparing
its current information security posture with industry best
practices, standards, and regulations.
When to conduct Gap Assessment
The ISG Compliance team helps Delivery teams conduct a Gap
Assessment in the following situations:
- Project kick-off (ODC set-up)
- Prior to an external audit/visit
- Project movement/shift
- Changes in the scope of the project
Raising Gap assessment request
The Project Manager or Delivery SPOC sends an email request to the
Cluster's Risk and Compliance Manager to get the Gap Assessment
conducted.
Preparing Gap Assessment Checklist
Ensure the analysis is complete and comprehensive by having
others review the checklist before it is put to use. The checklist
is built from the following sources:
- Industry standard security framework (ISO 27001)
- TechM Information Security Policy and procedures
- Compliance requirements mentioned in the MSA (MSA Checklist)
- Any customer-specific security controls
Gap Assessment Approach
- Adopt an information security standard (if one is not
already in use).
- Define the scope of the analysis, covering the applicable
information security standards, policies, plans, protocols,
procedures, and guidelines.
- Create a comprehensive information security questionnaire
using the MSA/MSA Checklist.
- Identify gaps and raise each as a Non-Conformity in the system.
- Publish the Gap Assessment report.
- Ensure every Non-Conformity is closed in the system within the
defined timeframe and/or before the client visit, so that
compliance is demonstrated.