Gap Analysis

Identify the gap between your existing cyber security management and best practice.

Discover what stands between you and compliance.

Our Gap Analysis will show you the differences between where your current ICT system stands compared to the NIST Cyber Security Framework or GDPR standards.

Does your organisation need a Gap Analysis?

Even with your own cyber security systems in place, your organisation may not meet industry standards and regulations. If your organisation is not compliant, you could be at risk of devastating threats and hefty fees. Our Gap Analysis helps you quickly assess whether or not you are compliant and makes actionable recommendations for meeting those standards.


  • Our experts test your ICT system, processes, and configurations against the 20 CIS Security Controls that are the foundations of the NIST Cyber Security Framework (CSF) to help you identify any gaps in your system that make your organisation non-compliant.

  • With our Gap Analysis, you can be proactive in your compliance and stay ahead of the hackers.

Our Process

The aim of this test is to measure the differences between your current ICT system and currently accepted security requirements. During this Gap Analysis, Gaia uses the NIST 20 CIS Security Controls, an internationally recognised framework. If you wish Gaia to test against the GDPR requirements, we can customise your Gap Analysis to accommodate them.

Gaia will work with your IT staff through a formal standard process, testing against each of the 20 CIS Security Controls and/or GDPR. At the end of the test, Gaia will produce a report with easy-to-understand red, amber and green recordings that indicate weaknesses (red), areas that need improvement (amber) and strengths (green). We will also provide you with easy-to-understand recommendations on how to ensure that your systems meet the required security standards.

Meet international cyber security standards.

A Cyber Security Gap Analysis identifies vulnerabilities in your existing ICT environment, the results of which will enable your organisation to plan improvements, changes, upgrades and reconfigurations that will ensure your ICT environment is safe from cyber security threats.


  • Gaia will conduct a critical review of your cyber security controls (both strengths and weaknesses) and produce detailed recommendations covering the next steps to achieve fit-for-purpose cyber security.

  • Our expert, independent assessment of the gap between your existing cyber security management and best practice will allow you to provide assurance to stakeholders that security of data is of the highest importance.

  • Gaia’s Security Engineers and Consultants are well trained and experienced in the NIST 20 CIS Security Controls as well as the GDPR requirements. The testing will be undertaken using industry standard software and visual reviews. The results will be discussed with you and the appropriate RAG report written.

NIST Cyber Security Framework

This framework guides organisations on how to improve their abilities to detect, prevent and respond to security attacks and threats at a high level.

The NIST framework integrates common industry standards for processes and methods used to assess and manage secure technical infrastructure. It also provides a common language that allows staff at all levels within an organisation to develop a shared understanding of the organisation’s cyber security risks.

Within this framework, the Center for Internet Security (CIS) has produced a 20-point framework to protect organisations from cyber attacks. It is against this internationally understood and utilised framework that Gaia will test your current ICT infrastructure.

The General Data Protection Regulation (GDPR)

GDPR supersedes the UK Data Protection Act 1998, and has a significant and wide-reaching scope, bringing a 21st century approach to data protection. It expands the rights of individuals to control how their personal data is collected and processed, and places a range of new obligations on organisations to be more accountable for data protection.

It is law within the EU, and any organisation undertaking business within the EU or with an EU organisation must also adhere to its requirements.

What happens next?

  • Once we have tested your current ICT system, ICT processes and configurations against these 20 CIS Security Controls, we will provide you with a RAG (red, amber, green) Report. The RAG Report will outline your network weaknesses (red), areas that need improvement (amber), and strengths (green). We will also include an overall assessment that will help you understand exactly what you need to do in order to meet the standards put forth by CIS or GDPR.

  • If you wish, Gaia can undertake the updates required, which will be quoted for as a separate project. Alternatively, your organisation may wish to outsource its security protection and response, in which case we recommend our Managed Security Services Provision (MSSP).

Why Gaia?

Gaia’s combination of technical consultancy and skilled work by our experts ensures that the review of your current ICT system will be thorough and precise. Using a defined set of processes and procedures that match your current ICT environment, we will test your system against either the NIST controls or the GDPR. Gaia can tailor the Gap Analysis to suit your requirements so that you can rest assured that your organisation meets the industry-accepted security standards and is protected against threats.

Added peace of mind, without inconvenience.

The delivery process should be non-intrusive and should not affect your business flow. Gaia will work in the background, ensuring that all installations are handled appropriately and in a timely manner.

Defence in Depth

As part of the Gaia Defence in Depth, we will review your current security protection and provide you with the information to implement a solution that adheres to internationally utilised security controls, methods and processes.
