LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

ISO 27001 Gap Analysis

  Quote
Guest
Guest user Created:   Apr 16, 2018 Last commented:   Apr 16, 2018

ISO 27001 Gap Analysis

As I mentioned in my invitation i started my graduate internship (establishing / implementing ISMS). But I am kind of lost already. What I am doing now is getting to know the organization. And they have implemented iso 9001:2008 almost 2015 version. They already have some measures in place selected from the iso 27002.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Apr 16, 2018
1 - But my starting point for now is to check what they have according the iso 27001. Sort of gap analysis? Current situation. I am kind of in the not knowing how to start this.. I mean do you make a list of all these clauses + annex A and check if they have it documented etc? Or is it more then that?

Answer: For a Gap Analysis you do not only evaluate if they have the requirements documented, but also if the processes and controls are also generating the proper records. To help you with a gap analysis, I suggest you to take a look at our Free ISO 27001 Gap Analysis Tool at this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/

2 - What about the maturity? Do I have to measure also the maturity? And how do you do that?
I hope you can give me some advice on how to start this because it is not quite clear to me.

Answer: ISO 27001 does not require performing maturity measurements, but it requires performance measurements, which can be used as parameters to evaluate maturity.

This article will provide you further explanation about ISO 27001 and performance measurement:
- What is IS 27001 https://advisera.com/27001academy/what-is-iso-27001/
- How to perform monitoring and measurement in ISO 27001 https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/

These materials will also help you regarding ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 16, 2018

Apr 16, 2018

Suggested Topics

Guest user Created:   Aug 25, 2017 ISO 27001 & 22301
Replies: 1
0 0

ISO 27001 Gap Analysis Tool

Guest user Created:   Sep 07, 2020 ISO 27001 & 22301
Replies: 1
0 0

Inquiry about Gap Analysis

Guest user Created:   Feb 10, 2021 ISO 27001 & 22301
Replies: 1
0 0

ISO 27001 certificate