R
romelroche
Hi,
I'm kinda new to the ISO 27001 standard and was wondering if I could get some views on what a gap assessment should cover. I been told by a number of people that it is performed to evaluate the readiness of the organization against all clauses (4 to 8).
However some mention that the controls (A.5 to A.15) are also to be checked against. Isn't an RA performed to check this ?
Any clarifications would help. Thanks
I'm kinda new to the ISO 27001 standard and was wondering if I could get some views on what a gap assessment should cover. I been told by a number of people that it is performed to evaluate the readiness of the organization against all clauses (4 to 8).
However some mention that the controls (A.5 to A.15) are also to be checked against. Isn't an RA performed to check this ?
Any clarifications would help. Thanks