The UAE IA Gap Assessment evaluates your organization's compliance maturity across 10 chapters that map to the 15 control families:
| # | Chapter | Control Families | Questions |
|---|---|---|---|
| 1 | Security Governance | M1 | 7 |
| 2 | Risk Management | M2 | 6 |
| 3 | People Security | M3, M4 | 6 |
| 4 | Compliance & Monitoring | M5, M6 | 5 |
| 5 | Asset Management | T1 | 5 |
| 6 | Physical Security | T2 | 5 |
| 7 | Operations & Communications | T3, T4 | 7 |
| 8 | Access Control | T5 | 6 |
| 9 | Supplier & Systems | T6, T7 | 6 |
| 10 | Incident & Continuity | T8, T9 | 7 |
Maturity Scoring
Each question is scored 0-4:
- 0 — Not Implemented
- 1 — Initial — ad-hoc processes
- 2 — Developing — documented but inconsistent
- 3 — Defined — standardised and implemented
- 4 — Optimized — continuously improved
Cross-Framework Propagation
Scores propagate bidirectionally to/from ISO 27001, SOC 2, NIST CSF, and other gap assessments for equivalent controls (encryption, access control, incident management, etc.).