Expert Advice Community


Gap Analysis and planning audits

Guest user Created:   Mar 21, 2019 Last commented:   Mar 21, 2019

Could you please give me a few important factors that help decide the
Expert
Rhand Leal Mar 21, 2019

1. Scope of ISMS audit/Gap Analysis, assuming that an organization has not yet implemented an ISMS.

Answer: Considering you stated that the organization has not yet implemented the ISMS, you must consider a Gap Analysis, not an audit, to identify how much of the required criteria the organization has already implemented. Considering that, I suggest you take a look at this free ISO 27001 Gap Analysis Tool at this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/

It has a simple question-and-answer format to help you visualize which specific elements of an information security management system based on the ISO 27001 standard are already implemented, and what still has to be done.

2. Estimate the audit effort

Answer: The main criteria to estimate the audit effort are the number of employees and audit complexity. The document you must consider is the IAF MD 5:2015 "Determination of Audit Time of Quality and Environmental Management Systems" and you can find it at this link: https://www.iaf.nu/upFiles/IAFMD5QMSEMSAuditDurationIssue311062015.pdf

Although its title refers to QMS and EMS, it can also be applied to estimate audit days for an ISMS certification audit.

These articles will provide you with further explanation about the certification audit:
- Becoming ISO 27001 certified – How to prepare for certification audit https://advisera.com/27001academy/iso-27001-certification/
- Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/

These materials will also help you regarding the certification audit:
- ISO 27001/ISO 22301: The certification process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/
- Preparing for ISO Certification Audit: A Plain English Guide https://advisera.com/books/preparing-for-iso-certification-audit-plain-english-guide/
