We wrote here https://www.sorinmustaca.com/how-to-nis2-eu-directive/ that the first step in implementing NIS2 requirements is to perform a gap analysis.
The most critical part of a gap analysis is to define upfront which standard or security framework the existing situation is being compared against.
When assessing security maturity, it is common to compare against the ISO 27000 series of standards, ISO 27001 in particular.
Performing a gap analysis on the security stance of a company following ISO 27001 involves comparing its current security measures and practices against the requirements specified in the ISO 27001 standard.
This analysis identifies the areas where the company's security posture aligns with the standard (compliance) and the areas where there are gaps or deficiencies (non-compliance). Here is a technical breakdown of the process: