sujansuresh Created: Jul 29, 2016 Last commented: Jul 30, 2016

Clarifications reg GAP Analysis.

Hi team, during the implementation of an ISO 27001 in an organization which is providing info sec services which has got employees rolled up not more than 100, is it mandatory to do GAP analysis? (as this project is considered to be a green-field ones). If yes, what are all the phases in which I can do GAP Analysis? Has that to be mandatory while starting the project? when it shall be done during ending the project? Could it be done anytime in the middle, during the progress? Kindly clarify the doubts. TIA.

0 0

Assign topic to the user

Select user

Expert

Dejan Kosutic Jul 30, 2016

ISO 27001 does not require you to perform the Gap Analysis prior to the start of the project; you should perform a kind of shortened version of Gap Analysis while writing your Statement of Applicability.

These materials will help you:
- article ISO 27001 gap analysis vs. risk assessment https://advisera.com/27001academy/knowledgebase/iso-27001-gap-analysis-vs-risk-assessment/
- article The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
- free ISO 27001 Gap Analysis Tool: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jul 29, 2016

Jul 30, 2016

Expert Advice Community