Internal audit vs Gap analysis
Assign topic to the user
I suppose that you refer to the Internal Audit when you say Fault finding, because one of the objectives of the Internal Audit is to find faults. If so, the difference between both is that the Gap analysis is performed at the beginning of the project of implementation, to compare the status of the organization with the requirements of the standard, and it is not mandatory. On the other hand, the Internal Audit must to be performed each year before the certification audit, and it is mandatory (is established as requirement in the clause 9.2 of the ISO 27001:2013).
Remember that we have an article very interesting about how to make an internal audit checklist, if you want to see it, please check out this How to make an Internal Audit checklist for ISO 27001 / ISO 22301: https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
Comment as guest or Sign in
Jan 12, 2016