Expert Advice Community


Control gap treatment

Guest user | Created: Dec 17, 2017 | Last commented: Dec 17, 2017


A gap was found while preparing the SOA. Does it need to have a time frame for the remediation action to close it before the internal audit activity and the first certification of ISO 27001?

Expert
Rhand Leal Dec 17, 2017

Answer: If the gap refers to a standard's mandatory requirement, or to risks considered unacceptable in your risk assessment, it has to be solved at the latest before the certification audit. Otherwise, its deadline can be defined to a date after the certification, but you have to be prepared to present to the certification auditor the action plan related to the treatment of this gap and any evidence of results already achieved.
