Expert Advice Community

Gap Analysis ISO 27001, version 2015?

Guest user. Created: Jan 13, 2016. Last commented: Jan 13, 2016

AntonioS Jan 13, 2016

I would like to know how to tackle a gap analysis for 27001: whether it should be similar to an internal audit of the planning and documentation, or like an external audit stage 2, wherein step 1 focuses on documents and step 2 on on-the-spot checks.
I am asking the company to acquire the full premium kit; I'm waiting for an answer from the manager.
 

Answer:

The gap analysis is more similar to the internal audit, with the difference that the gap analysis is performed at the beginning of the project (when there is nothing implemented). In any case, the gap analysis is not mandatory, but it can be useful, and if you want to do it you can use our free tool “Free ISO 27001 Gap Analysis Tool”: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/
Regarding your manager, my recommendation is that you show him the benefits of implementing the standard, so this article may be interesting for you: “Four key benefits of ISO 27001 implementation”: https://advisera.com/27001academy/knowledgebase/four-key-benefits-of-iso-27001-implementation/
Finally, if you want, you can write to us in Spanish.

We have received these questions:

Q1: Need the basic difference in the latest version of 2015
Received links:
- Infographic: New ISO 27001 2013 revision – What has changed? https://advisera.com/27001academy/knowledgebase/infographic-new-iso-27001-2013-revision-what-has-changed/
- How to make a transition from ISO 27001 2005 revision to 2013 revision https://advisera.com/27001academy/knowledgebase/how-to-make-a-transition-from-iso-27001-2005-revision-to-2013-revision/
Q2: Do we find any difference in the risk management area? 

 

Answer:

A1: I am sorry, but the latest version of ISO 27001 is ISO 27001:2013. There is no ISO 27001:2015, although if your country has translated the standard this year, you may see ISO/IEC 27001:2015, but with the code of your country at the beginning. For example, in Australia ISO 27001 was translated in 2015, so you can see AS ISO/IEC 27001:2015; however, it is the same as ISO/IEC 27001:2013 (all requirements are the same), but using Australian terminology.
A2: There are some changes, but from my point of view one of the more important ones is that in ISO 27001:2013 you do not need to use the assets-threats-vulnerabilities methodology to identify risks. If you need more information about this, please read this article: “What has changed in risk assessment in ISO 27001:2013”: https://advisera.com/27001academy/knowledgebase/what-has-changed-in-risk-assessment-in-iso-270012013/
