Is the security of my IT still up to date? Where are there vulnerabilities (gaps)? A gap analysis identifies the current state of information security within the organization. A detailed analysis of the existing system provides an overview of the company’s current security situation. A ConSecur gap analysis gives you a management tool for early detection of vulnerabilities. The result of the overview is a rough project planning for the implementation of possible open measures for the implementation of an ISMS (Information Security Management System) according to ISO27001. Existing specifications of the IT-security law and the General Data Protection Regulation are used for the definition. The determination of the scope of application forms the basis for further planning and implementation of an ISMS.