Policy Gap Analysis

A WaveGard Policy Gap Analysis project provides our clients with a structured mentoring process for commencing the design of a new security policy framework or evaluating an existing framework. Clients who choose the Gap Analysis ultimately benefit from an understanding of the positive components within their security policy framework as well as deficiencies that must be addressed. The process directly incorporates regulatory compliance topics and technical controls to define the initial security posture for the organization. The review result is a clearly written deliverable that identifies critical findings, recommended next steps, and areas that should be considered for further review.

A Policy Gap Analysis project often includes the following steps:

  • Hold in-depth discussions with the client to understand the existing environment and define the goals of the security program
  • Review copies of existing policies, procedures, standards, and related documentation to understand what type of framework exists in the environment
  • Identify the regulatory considerations that are being targeted, such as SOX, HIPAA, GLBA, FISMA (C&A), PCI, or others
  • Identify a standardized approach against which the program can be mapped, such as ISO 17799, COBIT, NIST, or others
  • Analyze the information to identify areas of compliance or weakness
  • Succinctly document the findings, including recommended next steps

The Gap Analysis process is often used by our clients as a way of creating a baseline for their existing environment and for creating a roadmap for future security activities such as the creation of a robust security program. If you need help building or improving your security program, consider WaveGard's Security Program Design services.
