I have been following your studies and materials about ISO27001 implementation on your website. You stated on your website at https://advisera.com/27001academy/01academy/emy/ademy/my/knowledgebase/iso-27001-gap-analysis-vs-risk-assessment/ that Gap analysis is done only for Annex “A” controls and that one DOES NOT need to perform gap analysis for clauses of the main part of the standard. I believe you are referring to the mandatory management clauses from clause 4 to 10. (Please find attached screenshot.)
Now, my confusion is coming from the ISO 27001 Gap Analysis tool you provided on your website at https://advisera.com/27001academy/01academy/emy/ademy/my/free-iso-27001-gap-analysis-tool/?icn=free-gap-analysis-tool-27001&ici=bottom-iso-27001-gap-analysis-tool-txt. In this Gap Analysis tool, you included the mandatory management clauses (i.e. clause 4 to 10) as part of the Gap Analysis checklist when you stated previously that Gap analysis is not performed for the mandatory management clauses.
Can you please explain why?