Expert Advice Community

ISO 27001 certificate

Guest
Guest user Created:   Feb 10, 2021 Last commented:   Feb 10, 2021

I just started working for a fintech company, and they are aiming at getting the ISO 27001 certificate. I have a two-part question: how can I conduct the ISO 27001 gap analysis, and what are the minimum requirements to achieve the ISO 27001 certificate?

Expert
Rhand Leal Feb 10, 2021

1 - How can I conduct the ISO 27001 gap analysis?

Answer: First, it is important to note that an ISO 27001 gap analysis is not mandatory, and is actually not recommended for smaller companies because it only takes away resources without providing many benefits.

Considering that, the best approach is to develop a checklist of which items you need to verify, and which results you have to find in order to determine whether there is a gap or not. When looking for results, some approaches you may use are interviews, documentation evaluation, and field observation. Based on that approach, it is easier to develop action plans to eliminate the gaps.

Regarding ISO 27001, I suggest you take a look at our free ISO 27001 Gap Analysis Tool at this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/

It was developed as a simple question-and-answer questionnaire so you can visualize which specific elements of an information security management system are already implemented, and what still needs to be done.

For more information, see:
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
- Practical use of corrective actions for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/

2 - What are the minimum requirements to achieve the ISO 27001 certificate?

Answer: Broadly speaking, the minimum requirements to fulfill if you want to go for ISO 27001 certification are related to clauses 4 to 10 of the standard, involving:
- documentation and implementation of information security-related requirements (e.g., ISMS scope, Information Security Policy, Risk Assessment and Risk treatment, etc.)
- performing internal audit and management review
- treatment of nonconformities and corrective actions.

These articles will provide you with further explanation of ISO 27001 certification:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
- ISO 27001 implementation checklist https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

To see what documents compliant with ISO 27001 look like, please take a look at the free demo of our ISO 27001 Documentation Toolkit at this link: https://advisera.com/27001academy/iso-27001-documentation-toolkit/

These materials will also help you regarding ISO 27001 certification:
- ISO 27001: An overview of the ISMS implementation process [free webinar on demand] https://advisera.com/27001academy/webinar/iso-27001-overview-isms-implementation-process-free-webinar-demand/
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- ISO 27001 Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
