Expert Advice Community

Performing gap assessment

Guest user Created:   Feb 19, 2018 Last commented:   Feb 19, 2018

I wanted to know specifically what kind of questions to ask the client during the gap assessment phase of the ISO 27001?
Expert
Rhand Leal Feb 19, 2018

Answer: Basically, you have to ask questions based on the standard's requirements, to identify if they are being met or not.

For example, for requirements such as "The organization shall determine...", the question should be "Did the organization determine...". For requirements such as "The organization shall consider", the question should be "Did the organization consider...", and so on.

To help you perform a gap assessment, I suggest you take a look at our Free ISO 27001 Gap Analysis Tool at this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/

This simple questionnaire will help you and your client to visualize which specific elements of an information security management system he has already implemented, and what he still needs to do.
