Information Security Blog

ISO 27002 Gap Assessment vs BITS Shared Assessment

ISO 27002 Gap Assessment vs BITS Shared Assessment

security assessmentDuring a recent discussion, a customer asked John Verry what the differences are between an ISO 27002 Gap Assessment and a BITS Shared Assessment. As usual, we decided to educate our blog readers with the answer to that question.

ISO 27002 Gap Assessment

An ISO 27002 Gap Assessment provides an assessment of an organization’s implementation of ISO 27002 control recommendations. The gap analysis is a good step toward understanding the effectiveness of the control environment and is a potential starting point for eventual Information Security Management System (ISMS) certification. It results in a gap analysis that clearly identifies the remediation steps required to achieve alignment with ISO 27002.

BITS Shared Assessment

A BITS Shared Assessment provides an assessment of an organization’s implementation of its controls using a standardized questionnaire which is based on the ISO 27002 standard, with additional input from Shared Assessments Program members. The approach is more rigidly defined (e.g., answers are Yes, No, or N/A, making the completed SIG easy to read by machine. The original idea was that service providers could complete the SIG just once, and then provide the completed SIG to multiple clients.

In short, the BITS Shared Assessment cost is a little more and is a little less flexible – but it provides a higher level of interim attestation in return.


Is ISO 27001 Right for (Y)our Organization?


Thinking about ISO 27001 Certification? View our free On-Demand ISO 27001 Webinar

  • How to deal with increasing threats
  • How to manage multiple regulatory requirements
  • How to handle client requests for attestation
  • To validate that significant changes did not have unanticipated results

Free Download: ISO 27001 Vendor Selection Toolkit

“ISOOur ISO 27001 Toolkit will help you to select an ISO 27001 consulting firm.
  • Review the Issues Critical to Your Environment
  • "Vet" Vendor Qualifications
  • Compare the Top 3 Vendors
  • Sample RFP Included

Download: Information Security Attestation Guide

Information Security GuideA Best-Practices Guide to Information Security Attestation

Download our proven Information Security Guide to simplify the process of protecting your data, proving you’re secure and growing your business.

Free Download: ISO 27001 Implementation Roadmap

ISO 27001 RoadmapHave no fear – our “roadmap” will guide you, step by step, through the entire ISO 27001 process.

Getting to ISO 27001 certification is a process made up of things you already know – and things you may already be doing!

About the Author:

Marketing at Pivot Point Security

Add a Comment

Share This