Compliance

Gap & Compliance Analysis

Gap analysis and regulatory compliance measurement against ISO 27001, NIS2, NIST CSF 2.0 and beyond. You know exactly where you stand before investing.

  • ISO 27001
  • NIS2
  • NIST CSF 2.0
  • ENS
  • GDPR

01 · What is it?

What is this?

A compliance assessment is the honest snapshot of your security today against the frameworks your business operates under. Gap analysis identifies what's missing; compliance measurement tells you how close you are to meeting each requirement. It's step zero before any serious cybersecurity investment.

02 · The process

What it involves.

  1. Scope

     We define which framework applies (ISO 27001, NIS2 as transposed into national law, NIST CSF 2.0, ENS) and which entities, systems and processes are in scope.

  2. Collection

     Short questionnaires, interviews with key areas (IT, HR, Legal) and document review. No kilometre-long forms.

  3. Evaluation

     We score each control on a 0 to 4 maturity scale (NIST CSF) or as compliant/partial/non-compliant (ISO 27001), with the supporting evidence attached to each control.

  4. Report

     Executive summary, per-domain detail and a maturity heatmap. Presentation meeting included.

03 · The differentiator

How we do it at Sekit.

  • Agents do the heavy lifting

    Automated OSINT, technical evidence collection and report draft generated by AI agents. You validate.

  • One week, not three months

    Parallel processes, short interviews, self-collected evidence. The full diagnostic ships in 5 business days.

  • External evidence cross-referenced with the interview

    We cross-reference internal interviews with an external OSINT scan. Contradictions between the two sources are flagged in the report.
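As an added worked example (this is not Sekit's tooling; the control IDs, the capping rule, the evidence file names and the OSINT observations are constructed for illustration), the following script shows how the three mechanics described above fit together in one pass: each control carries the interview claim and its attached evidence, a claim with no evidence is capped at "partial", an external OSINT observation that contradicts the claim is flagged as a contradiction and drives the score down, and the resulting scores roll up into the per-domain and per-subdomain maturity heatmap. ISO-style verdicts are mapped onto the same 0 to 4 scale so both scoring styles can feed one heatmap.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Tuple, Union

# Maturity scale 0 (absent) .. 4 (optimised). ISO-style verdicts are mapped
# onto the same scale so both scoring styles can feed one heatmap.
ISO_VERDICT = {"non-compliant": 0, "partial": 2, "compliant": 4}
UNVERIFIED_CAP = 2  # constructed rule: a claim with no attached evidence cannot exceed "partial"


@dataclass
class Control:
    control_id: str
    domain: str
    subdomain: str
    claimed: Union[int, str]                           # 0-4 (NIST style) or an ISO verdict string
    evidence: List[str] = field(default_factory=list)  # file names of the evidence attached to the control


@dataclass
class OsintFinding:
    control_id: str
    observation: str
    contradicts_claim: bool  # True when the external observation is incompatible with the interview claim


def declared_score(ctrl: Control) -> int:
    """Normalise the interview claim to the 0-4 scale."""
    return ISO_VERDICT[ctrl.claimed] if isinstance(ctrl.claimed, str) else int(ctrl.claimed)


def score_control(ctrl: Control, findings: List[OsintFinding]) -> Tuple[int, List[str]]:
    """Score one control and return (score, notes for the report)."""
    declared = declared_score(ctrl)
    score, notes = declared, []
    if not ctrl.evidence and score > UNVERIFIED_CAP:
        score = UNVERIFIED_CAP
        notes.append("claim not evidenced; capped at partial")
    for f in findings:
        if f.control_id != ctrl.control_id:
            continue
        if f.contradicts_claim:
            score = 0  # external reality wins over the interview
            notes.append(f"CONTRADICTION: interview claimed {declared}/4, OSINT observed: {f.observation}")
        else:
            notes.append(f"external evidence consistent with claim: {f.observation}")
    return score, notes


def mean(values: List[int]) -> float:
    return round(sum(values) / len(values), 2)


def assess(controls: List[Control], findings: List[OsintFinding]) -> dict:
    """Score every control, collect contradictions and build the heatmap roll-up."""
    per_control: Dict[str, Tuple[int, List[str]]] = {
        c.control_id: score_control(c, findings) for c in controls
    }
    by_domain, by_subdomain = defaultdict(list), defaultdict(list)
    for c in controls:
        s = per_control[c.control_id][0]
        by_domain[c.domain].append(s)
        by_subdomain[f"{c.domain}/{c.subdomain}"].append(s)
    contradictions = [(cid, n) for cid, (_, notes) in per_control.items()
                      for n in notes if n.startswith("CONTRADICTION")]
    return {
        "controls": per_control,
        "heatmap": {"domains": {d: mean(v) for d, v in by_domain.items()},
                    "subdomains": {s: mean(v) for s, v in by_subdomain.items()}},
        "contradictions": contradictions,
        "global_score": mean([s for s, _ in per_control.values()]),
    }


# Constructed sample: three NIST CSF 2.0 subcategories, one ISO 27001:2022 control,
# and two OSINT observations. None of this is real assessment data.
SAMPLE_CONTROLS = [
    Control("PR.DS-02", "Protect", "PR.DS", claimed=4, evidence=["tls-policy.pdf"]),
    Control("PR.AA-03", "Protect", "PR.AA", claimed=4),            # "MFA everywhere", no evidence supplied
    Control("DE.CM-01", "Detect", "DE.CM", claimed=3, evidence=["siem-dashboard.png"]),
    Control("A.8.24", "Technological", "A.8", claimed="compliant", evidence=["crypto-standard.docx"]),
]
SAMPLE_FINDINGS = [
    OsintFinding("PR.DS-02", "www host answers on port 80 with no redirect to HTTPS", contradicts_claim=True),
    OsintFinding("DE.CM-01", "no externally observable gap", contradicts_claim=False),
]

if __name__ == "__main__":
    result = assess(SAMPLE_CONTROLS, SAMPLE_FINDINGS)
    for cid, (score, notes) in result["controls"].items():
        print(f"{cid:10} {score}/4  {'; '.join(notes)}")
    print("heatmap:", result["heatmap"])
    print("contradictions:", result["contradictions"])
    print("global score:", result["global_score"])
```

The point of the contradiction rule is the one the section makes: an interview answer is a claim, an external scan is an observation, and when they disagree the report should say so per control rather than averaging the two away.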

04 · Deliverables

What you take home.

  • Executive report: leadership summary with global score, top 10 gaps, and defensible arguments.
  • Per-control detail: control-by-control detail with attached evidence and consultant notes.
  • Maturity heatmap: interactive visual by domain and subdomain of the chosen framework.
  • Integrated OSINT findings: external scan findings folded into the diagnostic as evidence, not a separate annex.
  • Initial action plan: top 10 priorities for the next 90 days.
  • 90-day follow-up checkpoint: short session included at 90 days to review what's closed from the top 10 and adjust priorities.

Ready when you are

Let's talk about your project.

Thirty minutes to understand your context and propose a concrete plan. No commitment.


Tell us what you need and we'll say exactly how we can help. If it isn't a fit, we'll save you the time.

Book a consultation

Denise & Ricardo

Sekit team

  • 30 min · Google Meet
  • cal.com/denise-moreno-sekit