Current trends indicate that information security is critical for today's enterprises. As managers realize they cannot ignore the potential security risks, they tend to turn to the ISO/IEC 27001 standard, in order to implement an Information Security Management System (ISMS). While being adopted by large companies, ISMS are still considered as out of range by numerous smaller entities. To help SMEs to access to ISO/IEC 27001 certification is still a challenge. In this context, the initial step of an ISMS implementation project is significant: a gap analysis highlighting the current status of the enterprise with regards to the standard, and thus the resources needed to succeed in this project.