Performing Gap Analysis
Assign topic to the user
Answer:
The best approach is to develop a checklist of which items you need to verify, and which results you have to find to define if there is a gap or not. Based on that approach it is easier to develop action plans to eliminate the gaps.
Regarding ISO 27001, I suggest you to take a look at our free ISO 27001 Gap Analysis Tool at this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/
It was developed as a simple question-and-answer questionnaire so you can visualize which specific elements of an information security management system are already implemented, and what is still needed to do.
For more information, see:
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
- Practical use of corrective actions for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/
Comment as guest or Sign in
Nov 26, 2018