ISO IEC 27001 2013 Gap Analysis Tool

This page will introduce our Information Security Gap Analysis Tool.
It will show you how it is organized and how it is used. It will also
show you an example of our approach. Once you've examined our approach,
we hope you'll consider purchasing our new ISO IEC 27001 2013 Gap
Analysis Tool (Title 36).

Our Gap Analysis Tool will tell you what you need to do to comply with
the new ISO IEC 27001 2013 information security management standard.
Our tool will pinpoint the gaps that exist between the new standard and
your current security practices. Once you know exactly where your gaps
are, you can take steps to fill them. By using this approach, you will not
only comply with the standard, but you will also improve the overall performance of your information security management system (ISMS).

Our Gap Analysis Tool assumes that your organization already has an
ISMS and that all you need to do is make incremental changes in order
to ensure that it complies with the new standard.
It consists of seven sets
of questionnaires, one for each of the seven sections (4 to 10) that make
up the core of the standard. In total, there are 517 questions, one for each
of the requirements that make up the ISO IEC 27001 2013 standard.

For each question, two answers are possible: YES or NO. A YES answer
means you’re in compliance with the standard while a NO answer means
you’re not in compliance. NO answers reveal gaps that exist between the
ISO IEC 27001 2013 standard and your organization’s information security
management practices. To the right of your answers, you will find a column
that you can use to record any comments or observations you might have.

Once all seven questionnaires have been completed, study your NO
answers, your own comments, and our questions, and then use this
information to develop your own unique ISO IEC 27001 2013 Information
Security Management Compliance Plan. Use this information to formulate
the actions or steps that need to be taken in order to bring your
information security management practices into compliance with the
standard. If you use our approach, you'll end up with an ISMS that
complies with the new ISO IEC 27001 standard.


ISO IEC 27001 2013 GAP ANALYSIS TOOL

TABLE OF CONTENTS (TITLE 36)

INTRODUCTION

1. Profile of Gap Analysis Project
2. Explanation of Gap Analysis Tool
3. Overview of ISO IEC 27001 2013 Standard

PLAIN ENGLISH QUESTIONNAIRES

4. Contextual Gap Analysis Questionnaire
5. Leadership Gap Analysis Questionnaire
6. Planning Gap Analysis Questionnaire
7. Support Gap Analysis Questionnaire
8. Operational Gap Analysis Questionnaire
9. Evaluation Gap Analysis Questionnaire
10. Improvement Gap Analysis Questionnaire (sample below)

PLAIN ENGLISH ANNEXES

A. Plain English Control Objectives and Controls
B. Plain English Information Security Definitions

NOV 2013   COPYRIGHT © 2013 BY PRAXIOM RESEARCH GROUP LIMITED   VER 1.0


SAMPLE QUESTIONNAIRE

ISO IEC 27001 2013 GAP ANALYSIS TOOL

10. IMPROVEMENT GAP ANALYSIS QUESTIONNAIRE

10.1 IDENTIFY NONCONFORMITIES AND TAKE CORRECTIVE ACTIONS

 #   Question                                                  YES   NO    Comments
 1   Do you identify nonconformities when they occur?          [ ]   [ ]
 2   Do you document your organization's nonconformities?      [ ]   [ ]
 3   Do you control documents describing nonconformities?      [ ]   [ ]
 4   Do you react to your organization's nonconformities?      [ ]   [ ]
 5   Do you control and contain your nonconformities?          [ ]   [ ]
 6   Do you correct your nonconformities when appropriate?     [ ]   [ ]
 7   Do you manage the consequences of nonconformities?        [ ]   [ ]
 8   Do you evaluate the need to eliminate causes?             [ ]   [ ]
 9   Do you review each nonconformity?                         [ ]   [ ]
10   Do you determine what caused each nonconformity?          [ ]   [ ]
11   Do you figure out if similar nonconformities exist?       [ ]   [ ]
12   Do you figure out if similar problems could occur?        [ ]   [ ]
13   Do you decide whether corrective action should be taken?  [ ]   [ ]
14   Do you ensure that nonconformities do not recur?          [ ]   [ ]
15   Do you ensure that they don't occur elsewhere?            [ ]   [ ]
16   Do you develop corrective actions to address causes?      [ ]   [ ]
17   Do you ensure that corrective actions are appropriate?    [ ]   [ ]
18   Do you ensure that corrective actions deal with effects?  [ ]   [ ]
19   Do you document your corrective actions?                  [ ]   [ ]
20   Do you control related documents and records?             [ ]   [ ]
21   Do you implement corrective actions to address causes?    [ ]   [ ]
22   Do you document the results that your actions achieve?    [ ]   [ ]
23   Do you control documents that describe your results?      [ ]   [ ]
24   Do you review the effectiveness of corrective actions?    [ ]   [ ]
25   Do you change your ISMS whenever necessary?               [ ]   [ ]

10.2 ENHANCE THE OVERALL PERFORMANCE OF YOUR ISMS

 #   Question                                                  YES   NO    Comments
26   Do you improve the performance of your ISMS?              [ ]   [ ]
27   Do you improve the suitability of your ISMS?              [ ]   [ ]
28   Do you improve the adequacy of your ISMS?                 [ ]   [ ]
29   Do you improve the effectiveness of your ISMS?            [ ]   [ ]

Consider each question and select a response. A YES answer means
you're in compliance, while a NO answer points to a security gap. Use
the Comments column to record the evidence behind a YES or the reason
for a NO.


Attention

Now that you know what our Gap Analysis Tool looks like, please
consider purchasing Title 36: ISO IEC 27001 2013 Gap Analysis Tool.
If you purchase our Plain English Gap Analysis Tool, you'll find that it's
integrated, detailed, exhaustive, and easy to understand. You'll find that
we've worked hard to create a high quality product. In fact, we guarantee it.

Title 36 is 91 pages long and comes in pdf and MS Word file formats.

Check our Prices

Place an Order

Check our License


MORE ISO IEC 27001 2013 PAGES

Introduction to ISO IEC 27001 2013

Plain English Outline of ISO IEC 27001 2013

Plain English Information Security Checklist

Plain English Overview of ISO IEC 27001 2013

ISO IEC 27000 2014 Definitions in Plain English

ISO IEC 27001 2013 versus ISO IEC 27001 2005

ISO IEC 27001 2013 Translated into Plain English

Overview of ISO IEC 27001 2013 Annex A Controls

ISO IEC 27002 2013 PAGES

ISO IEC 27002 2013 Introduction

Overview of ISO IEC 27002 2013 Standard

Information Security Control Objectives

How to Use ISO IEC 27002 2013 Standard

ISO IEC 27002 2013 versus ISO IEC 27002 2005

ISO IEC 27002 2013 Translated into Plain English

Plain English ISO IEC 27002 2013 Security Checklist

Plain English ISO IEC 27002 2013 Audit Questionnaires

Updated on January 27, 2017. First published on June 12, 2006.


Praxiom Research Group Limited         help@praxiom.com          780-461-4514


Legal Restrictions on the Use of this Page
Thank you for visiting this page. You are, of course, welcome to view our
 material as often as you wish, free of charge. And as long as you keep intact
 all copyright notices, you are also welcome to print or make one copy of this
 page for your own personal, noncommercial, home use. But, you are not
 legally authorized to print or produce additional copies or to copy and paste
 any of our material onto another web site or to republish it in any way.

Copyright © 2006 - 2017 by Praxiom Research Group Ltd. All Rights Reserved.
