Please note: This sample shows only a section of the complete Gap Assessment tool.
ISO/IEC 27001 Gap Assessment Tool ISMS-FORM-00-4
Terms used ISMS: Information Security Management System
Information security management systems: Requirements AREA/SECTION
SUB-SECTION
ISO/IEC 27001 REQUIREMENTS
REQS MET? COMMENTS
4 Context of the organization 4.1 Understanding the organization and its context 4.2 Understanding the needs and expectations of interested parties 4.3 Determining the scope of the information security management system 4.4 Information security management system
Have the external and internal issues that affect the ISMS been determined? Have the interested parties and their requirements been identified? Has the scope of the ISMS been determined and documented?
Yes
Is an ISMS in place and being continually improved?
Yes
Totals:
Yes Yes
4
5 Leadership 5.1 Leadership and commitment
5.2 Policy
5.3 Organizational roles, responsibilities and authorities
Does top management demonstrate leadership and commitment to the ISMS by providing resources and communicating effectively? (see list A to H) Is a documented information security policy in place? Does it set objectives for the ISMS? Does it commit the organization to satisfying requirements and continually improving the ISMS? Is it adequately communicated? Are roles, responsibilities and authorities for the ISMS defined? Totals:
Yes
Yes Yes Yes Yes Yes
6
ACTION NEEDED TO MEET REQ
ACTION OWNER