Guest
Control gap treatment
Gap found during prepare SOA. Does it need to have time frame of remediation action to close it before internal audit activity and first certification of I so 27001?
Assign topic to the user
Expert
Rhand Leal
Dec 17, 2017
Answer: If the gap refers to a standard's mandatory requirement, or to risks considered unacceptable in your risk assessment, it has to be solved at most before the certification audit. Otherwise, its deadline can be defined to a date after the certification, but you have to be prepared to present to the certification auditor the action plan related to the treatment of this gap and any evidence of results already achieved.
Comment as guest or Sign in
Dec 17, 2017
Dec 17, 2017
Dec 17, 2017