Expert Advice Community

Gap analysis

Guest user Created:   May 19, 2020 Last commented:   May 19, 2020

1. I have a question to ask. Do we do the gap analysis first or IT risk framework?

2. Which is easier to do? Looking forward to your feedback.

Expert
Rhand Leal May 19, 2020

1. I have a question to ask. Do we do the gap analysis first or IT risk framework?

I'm assuming your questions are about ISO 22301 implementation and the management of IT-related risks.

Considering that, first, it is important to note that ISO 22301 does not require a gap analysis to be performed, while the risk assessment is mandatory. Second, gap analysis is not recommended for smaller companies, because in general, it is not worth the effort due to their size and complexity. So, for smaller companies, it is better to perform only the IT risk framework, because it will give you more specifics about handling risks in your IT environment.

For bigger companies, the gap analysis will provide you with a quick and comprehensive view of how much of the standard you already have implemented, and the results of the gap analysis can be used as input for the IT risk framework.

2. Which is easier to do? Looking forward to your feedback.

Because gap analysis requires an overview of the situation, and the IT Risk Framework involves a deeper knowledge of risk management steps, the gap analysis would be easier to perform for a beginner.

This article will provide you with a further explanation of the gap analysis and risk assessment (although the article is about ISO 27001, the concepts also apply to ISO 22301):
