gap analysis for ISO 27001
Assign topic to the user
First of all, the gap analysis is not mandatory in the ISO 27001. Anyway, If you want to do it, you can see it as an internal audit, with the difference that the gap is performed at the beggining of the project (when all is without implement). So, I recommend you this article How to make an Internal Audit checklist for ISO 27001 / ISO 22301 : https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
Also I recommend you to read this "ISO 27001 gap analysis vs. risk assessment" : https://advisera.com/27001academy/knowledgebase/iso-27001-gap-analysis-vs-risk-assessment/
And of course, you can use our template Internal Audit Report : https://advisera.com/27001academy/documentation/internal-audit-report/
Comment as guest or Sign in
Jan 12, 2016