top of page

Gap Assessment and Implementation of NIST Cyber Security Framework and ISO/IEC 27001:2013 Controls

Client: Physical Product Manufacturing Organization (Multinational)

Sector: Manufacturing

Location: San Francisco, California - USA


The end client is a manufacturing technology company having multiple patents on their name. They manufacture indoor anti-pollution equipment. They were determined to get themselves compliant with NIST Cyber Security Framework and ISO/IEC 27001:2013 standards as they have a big plan to scale up operations – not only in the USA but also around the world.

Our Approach

The first phase of the project involved performing detailed gap assessment based on NIST CSF framework. We did a thorough gap assessment which ran for more than a month involving multiple stakeholders and leaders of the organization. The detailed report was prepared and submitted. Based on the further request of the client, we prepared an executive summary for top leadership presentation.

Top leadership then approved for starting the second phase of the project for implementation. This phase involved Risk Assessment, other Information Security Management Systems and NIST Cyber Security Framework controls implementation activities.

Our major activities involved (but not limited to):

  • Defining the ISMS Objectives

  • Conducting the Risk Assessments for the risks associated with all the activities inside the scope

  • Drafting the Policies and Procedures in line with the requirements

  • Classification of assets

  • Preparation of Legal & Compliance Register

  • Revising the Incident Management Plan

  • Drafting a Acceptable Use Policy

  • Drafting a Privacy Policy

  • Conducting a ISMS Training

  • Multiple other policies and procedures related to the scope of work

  • Designing the templates and forms

  • Ensuring Compliance with GDPR

A senior consultant from Gorisco was dedicated for this project to carry out activities as listed above with backend support from other colleagues. It was a excellent project as it involved defining things from scratch and building a robust framework which in turn helped the organization to become compliant and also grow in various markets across the globe.

The Positives

  1. The Client realized the value of our engagement and transformed a “Gap Assessment” project into an end-to-end implementation project

  2. With the good support of the Client, all activities were completed within the agreed timelines

  3. Due to COVID-19 restrictions, the whole project was executed remotely without any physical meetings

  4. We were able to support the client in their required time zones

Benefits & Values To Client

  1. Gap assessment clearly brought out the major, medium and minor gaps in the organization’s strategies, processes and policies

  2. This helped the top leadership to pick the priorities and the low hanging fruits which will support their organization

  3. It demonstrated the compliance status and the level of associated risks in the organization

  4. Identification of priority (high risk) activities enabled Client to refine their business strategies and channel resources to the areas of greatest needs. These risks were managed through proper assessment and application of the mitigation plans

  5. The whole implementation process helped the client to become compliant, mature and a truly global company

65 views0 comments
bottom of page