I agree with Harry, you're at the gap analysis stage.
The obvious starting point is gaps related to 27001 standard requirements, which of course relates to both main standard body requirements--some a bit general--and the 133 control requirements. Those are more specific in one sense but still not completely clear about how you need to address them, and of course limited exemptions are possible when they don't apply.
You should also be clear early on to what degree you want to integrate the prior system with the new company's system; to use one system to cover both, to just share some common practices, control implementations, formal process implementation, etc. It would be early for looking too closely at the final end-point but some of the demand should already be clear. 27001 standard "compliant" versus "certified" is also a substantial difference relating to possible goals, so it matters which you are and plan for them to be.
If you already have implemented a complete, certified ISO 27001 system you already know all this but these are some primary concerns:
-management system framework: common to most, document control, audit requirements, defining roles, etc.
-security controls: defines a lot of 27001; your statement of applicability will help map what will translate easily or not at all
-risk assessment: major part of 27k, of course 27005 is the reference standard for the security risk assessment, and there is overlap with other standard requirements
-formal policies, procedures, records, training, skills development, etc: relates back to your past development and present goals
A good reference site for 27001 implementation that is worth a look is:
http://www.iso27001security.com/html/iso27k_toolkit.html
