All services
SERVICE 02 · ADVISORY

Gap Assessment

Know exactly where you stand — clause by clause.

OVERVIEW

What this engagement covers

A weighted, evidence-based diagnostic of your current state against any target standard. We interview control owners, sample real evidence, score maturity per clause and Annex A control, then hand you a remediation plan sequenced by risk and effort — not a generic checklist.

WHO IT'S FOR
  • Teams preparing for a first-time certification
  • Boards asking for an independent maturity view
  • New CISOs / DPOs establishing a baseline in their first 90 days
DELIVERABLES

What you receive

  • Clause-by-clause maturity scorecard (0–5 scale)
  • Annex A / control-family heat map
  • Evidence sample library and interview log
  • Prioritised remediation roadmap with effort estimates
  • Executive summary deck for the board
OUTCOMES

What changes for your organisation

  • Defensible baseline for programme planning and budget
  • Clear line of sight from finding → owner → deadline
  • Reusable evidence catalogue seeded into MAST GRC
FREQUENTLY ASKED

Questions clients ask before engaging

How is this different from an internal audit?
Gap assessment measures readiness against a target standard before implementation. Internal audit tests an operating system against its own documented controls.
Do you use a tool or spreadsheets?
Findings are captured directly in the MAST GRC platform so remediation, evidence and ownership flow into ongoing operations without re-keying.

Scope a gap assessment engagement.

Tell us your target standards, timelines and regions — we'll come back with a fixed-scope proposal within two business days.

Book a consultation