Please note: This sample shows only a small part of the complete Enhanced Gap Assessment tool. The comprehensive gap assessment tool includes the exact text of the ISO27001 Standard broken down by individual requirement within a user-friendly spreadsheet.

ISO/IEC 27001 Enhanced Gap Assessment Tool
Information security management systems: Requirements

Note: Requirements are indicated within the ISO/IEC 27001 standard by the use of the word "shall" and by numbered lists, for example A to G.

| AREA/SECTION | SUB-SECTION | ISO/IEC 27001 REQUIREMENTS | REQS MET? | ACTION NEEDED TO MEET REQ | ACTION OWNER |
|---|---|---|---|---|---|
| 4 Context of the organization | 4.1 Understanding the organization and its context | The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system. | Yes | | |
| | 4.2 Understanding the needs and expectations of interested parties | The organization shall determine: a) interested parties that are relevant to the information security management system; | Yes | | |
| | | b) the relevant requirements of these interested parties; | Yes | | |
| | | c) which of these requirements will be addressed through the information security management system. | Yes | | |
| | 4.3 Determining the scope of the information security management system | The organization shall determine the boundaries and applicability of the information security management system to establish its scope. | Yes | | |
| | | When determining this scope, the organization shall consider: a) the external and internal issues referred to in 4.1; | Yes | | |
| | | b) the requirements referred to in 4.2; | Yes | | |
| | | c) interfaces and dependencies between activities performed by the organization, and those that are performed by other organizations. | Yes | | |
| | | The scope shall be available as documented information. | Yes | | |
| | 4.4 Information security management system | The organization shall establish, implement, maintain and continually improve an information security management system, including the processes needed and their interactions, in accordance with the requirements of this document. | Yes | | |
| Totals: | | | 10 | | |

Purchase online at www.certikit.com. For any questions, please email sales@certikit.com
ISO/IEC 27001 Enhanced Gap Assessment Dashboard
To refresh chart data, click on “Refresh All” on the Data ribbon.

Gap assessment results

| AREA OF STANDARD | REQS IN SECTION | NO OF REQS MET | PERCENTAGE CONFORMANT |
|---|---|---|---|
| 4 Context of the organization | 10 | 10 | 100% |
| 5 Leadership | 18 | 18 | 100% |
| 6 Planning | 44 | 44 | 100% |
| 7 Support | 24 | 24 | 100% |
| 8 Operation | 9 | 9 | 100% |
| 9 Performance evaluation | 29 | 29 | 100% |
| 10 Improvement | 14 | 14 | 100% |
| A.5 Organizational controls | 37 | 37 | 100% |
| A.6 People controls | 8 | 8 | 100% |
| A.7 Physical controls | 14 | 14 | 100% |
| A.8 Technological controls | 34 | 34 | 100% |
| Total | 241 | 241 | 100% |

[Radar chart: Percentage level of conformity to the ISO/IEC 27001 standard, one axis per area of the standard, scale 0% to 100%]
[Bar chart: Level of conformity to the ISO/IEC 27001 standard; series REQS IN SECTION and NO OF REQS MET for each area (4 Context of the organization, 5 Leadership, 6 Planning, 7 Support, 8 Operation, 9 Performance evaluation, 10 Improvement, A.5 Organizational controls, A.6 People controls, A.7 Physical controls, A.8 Technological controls); scale 0 to 50]

[Bar chart: Percentage level of conformity to the ISO/IEC 27001 standard for each of the same areas; scale 0% to 100%]