ISMS-FORM-00-4 ISO27001-17-18 Gap Assessment Tool

Please note: This sample shows only a small part of the complete set of Gap Assessment tools and dashboards available in the toolkit.

ISO/IEC 27001 Gap Assessment Tool ISMS-FORM-00-4

Terms used

ISMS: Information Security Management System

Information security management systems: Requirements

| AREA/SECTION | SUB-SECTION | ISO/IEC 27001 REQUIREMENTS | REQS MET? | ACTION NEEDED TO MEET REQ | ACTION OWNER |
|---|---|---|---|---|---|
| 4 Context of the organization | 4.1 Understanding the organization and its context | Have the external and internal issues that affect the ISMS been determined? | Yes | | |
| | 4.2 Understanding the needs and expectations of interested parties | Have the interested parties and their requirements been identified? | Yes | | |
| | 4.3 Determining the scope of the information security management system | Has the scope of the ISMS been determined and documented? | Yes | | |
| | 4.4 Information security management system | Is an ISMS in place and being continually improved? | Yes | | |
| | | Totals: | 4 | | |
| 5 Leadership | 5.1 Leadership and commitment | Does top management demonstrate leadership and commitment to the ISMS by providing resources and communicating effectively? (see list A to | Yes | | |
| | 5.2 Policy | Is a documented information security policy in place? | Yes | | |
| | | Does it set objectives for the ISMS? | Yes | | |
| | | Does it commit the organization to satisfying requirements and continually improving the ISMS? | Yes | | |
| | | Is it adequately communicated? | Yes | | |
| | 5.3 Organizational roles, responsibilities and authorities | Are roles, responsibilities and authorities for the ISMS defined? | Yes | | |
| | | Totals: | 6 | | |

