What are the basic steps of a gap analysis, and what are the differences between GAP analysis and Risk Assessment?
Answer:
You can see the GAP analysis as an internal audit, because it is very similar. The difference is that the GAP analysis is performed at the beginning of the project (at this moment, most of the things are not implemented), while the internal audit is performed when the management system is implemented, so you can follow the same steps. Therefore, you can read this article: How to make an Internal Audit checklist for ISO 27001 / ISO 22301: https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
This free tool can also be interesting for you: Free ISO 27001 Gap Analysis Tool: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/
Regarding the differences between the Gap analysis and the risk assessment, basically the gap tells you how far you are from ISO 27001 requirements, while the risk assessment tells you which incidents can happen. Anyway, this article can be interesting for you: ISO 27001 gap analysis vs. Risk assessment: https://advisera.com/27001academy/knowledgebase/iso-27001-gap-analysis-vs-risk-assessment/
Jan 12, 2016