Please note: This sample shows only a small part of the complete set of Gap Assessment tools and dashboards available in the toolkit. ISO/IEC 27001 Gap Assessment Tool ISMS-FORM-00-4 Terms used ISMS: Information Security Management System
Information security management systems: Requirements AREA/SECTION
SUB-SECTION
ISO/IEC 27001 REQUIREMENTS
REQS MET? ACTION NEEDED TO MEET REQ
4 Context of the organization 4.1 Understanding the organization and its context 4.2 Understanding the needs and expectations of interested parties 4.3 Determining the scope of the information security management system 4.4 Information security management system
Have the external and internal issues that affect the ISMS been determined? Have the interested parties and their requirements been identified? Has the scope of the ISMS been determined and documented? Is an ISMS in place and being continually improved? Totals:
Yes Yes Yes Yes
4
5 Leadership 5.1 Leadership and commitment
5.2 Policy
5.3 Organizational roles, responsibilities and authorities
Does top management demonstrate leadership and commitment to the ISMS by providing resources and communicating effectively? (see list A to Is a documented information security policy in place? Does it set objectives for the ISMS? Does it commit the organization to satisfying requirements and continually improving the ISMS? Is it adequately communicated? Are roles, responsibilities and authorities for the ISMS defined? Totals:
Yes
Yes Yes Yes
Yes Yes
6
ACTION OWNER