
Gap Analysis Question

Guest user. Created: Mar 03, 2023. Last commented: Mar 03, 2023.

I would like to know if it is necessary to define a scope to conduct a gap analysis. What is the best practice?

Expert
Rhand Leal Mar 03, 2023

First, it is important to note that ISO 27001 does not require a gap analysis to be performed.

Considering that, you should define a scope for your gap analysis so you can understand which kind of questions you need to consider.

For example, if your gap analysis scope is Research and Development, it does not make sense to include questions related to HR or sales processes.

Additionally, we do not recommend using it for companies smaller than 500 employees because it would make your implementation unnecessarily complex.

You can access the ISO 27001 Gap Analysis Tool at this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/

For further information, see:
- ISO 27001 gap analysis vs. risk assessment https://advisera.com/27001academy/knowledgebase/iso-27001-gap-analysis-vs-risk-assessment/
