Save 20% on accredited ISO 27001 course exams.
Limited-time offer – ends February 29, 2024
Use promo code:
EXAM20

Expert Advice Community

Guest

Gap Analysis Question

  Quote
Guest
Guest user Created:   Mar 03, 2023 Last commented:   Mar 03, 2023

Gap Analysis Question

I would like to know if it is necessary to define a scope to conduct a gap analysis. What is the best practice?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 03, 2023

First is important to note that ISO 27001 does not require a gap analysis to be performed.

Considering that, you should define a scope for your gap analysis so you can understand which kind of questions you need to consider.

For example, if your gap analysis scope is Research and Development, it does not make sense to include questions related to HR or sales processes.

Additionally, we do not recommend using it for companies smaller than 500 employees because it would make your implementation unnecessarily complex.

You can access the ISO 27001 Gap Analysis Tool at this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/

For further information, see:
- ISO 27001 gap analysis vs. risk assessment https://advisera.com/27001academy/knowledgebase/iso-27001-gap-analysis-vs-risk-assessment/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 03, 2023

Mar 03, 2023

Suggested Topics

Guest user Created:   Apr 17, 2023 ISO 27001 & 22301
Replies: 1
0 0

Gap analysis question

Guest user Created:   May 24, 2019 ISO 27001 & 22301
Replies: 1
0 0

Gap analysis questionnaire

Guest user Created:   Jun 09, 2023 ISO 27001 & 22301
Replies: 1
0 0

Question about gap analysis