Assign topic to the user
The gap analysis is not mandatory before the begin of the ISMS implementation according to ISO 27001:2013, although it can be very useful. The Gap analysis is about the requirements of ISO 27001, including the security controls of Annex A (that as you know are the same as the security controls of ISO 27002).
To perform this activity, of course you can use CMMI levels to assess the compliance of each requirement, and you can also use our free tool "Free ISO 27001 Gap Analysis Tool" :https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/
Comment as guest or Sign in
Jan 12, 2016