Gap Analysis and planning audits
Assign topic to the user
1. Scope of ISMS audit/Gap Analysis, assuming that an organization is not yet implemented ISMS.
Answer: Considering you stated that the organization has not yet implemented the ISMS, then you must consider a Gap Analysis, not an audit, to identify how much of required criteria the organization has already implemented. Considering that, I suggest you to take a look at this free ISO 27001 Gap Analysis Tool at this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/
It has a simple question-and-answer format to help you visualize which specific elements of information security management system based on ISO 27001 standard are already implemented, and what still has to be done.
2. Estimate the audit effort
Answer: The main criteria to estimate the audit effort are number of employees and audit complexity. The document you must consider is the IAF MD 5:2015 "Determination of Audit Time of Quality and Environmental Management Systems" and you can find it at this link: https://www.iaf.nu/upFiles/IAFMD5QMSEMSAuditDurationIssue311062015.pdf
Although it's title refers to QMS and EMS it also can be applied to estimate audit days for an ISMS certification audit.
These articles will provide you further explanation about certification audit:
- Becoming ISO 27001 certified – How to prepare for certification audit https://advisera.com/27001academy/iso-27001-certification/
- Which questions will the ISO 27001 certification auditor ask? https://advisera.com/27001academy/blog/2015/07/20/which-questions-will-the-iso-27001-certification-auditor-ask/
These materials will also help you regarding certification audit:
- ISO 27001/ISO 22301: The certification process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001iso-22301-certification-process-free-webinar-demand/
- Preparing for ISO Certification Audit: A Plain English Guide https://advisera.com/books/preparing-for-iso-certification-audit-plain-english-guide/
Comment as guest or Sign in
Mar 21, 2019