Project before implementation
Our company's decision is to first check our compliance with ISO 27001. This is my project. I attend training for ISO 27001 internal auditor and manager of the ISMS system.
So the scope of my project is to get the info on how and where we comply (gap analysis) and what we still need to do (plan for implementation). Based on this, our management will decide to go into activities towards obtaining certification. This will be a separate project.
Everywhere I can just find info on how to prepare a project for implementation, but not how to prepare a project to get my scope. Can you please help me with this?
For performing a gap analysis against ISO 27001 requirements, I suggest you take a look at our ISO 27001 Gap Analysis Tool at this link: https://advisera.com/27001academy/free-iso-27001-gap-analysis-tool/
It is a simple question-and-answer format that allows you to visualize which specific elements of an information security management system you’ve already implemented, and what you still need to do.
In case you are a small company, the scope of the implementation will most probably be your whole company because this will be the easiest for the implementation.
This article will provide you with a further explanation about the gap analysis:
- ISO 27001 gap analysis vs. risk assessment https://advisera.com/27001academy/knowledgebase/iso-27001-gap-analysis-vs-risk-assessment/
Jun 09, 2020