ISO 27001:2013 is the international standard that describes best practice for an information security management system (ISMS). Accredited certification to ISO 27001 demonstrates that you’re following international information security best practices.
If you currently hold registration to the 2005 version of the Standard, you will need to make amendments to your ISMS now in order to meet your compliance requirements by the time of the next visit from your certification body.
The full requirements of ISO 27001:2013 can be found in the official Standard, which is available to purchase here: https://www.itgovernanceusa.com/shop/p-1374.aspx.
Although reading the Standard is a great way of seeing what the requirements are, it is less helpful for determining whether you actually meet them.
Perform a gap analysis
Many organizations use the ISO 27001:2013 Gap Analysis Tool to identify where they are and are not meeting the requirements of ISO 27001:2013. This is great for those who are under strict deadlines and need to prioritize their work areas for a final, pre-certification audit review of the ISMS.
The gap analysis tool is made up of a self-assessment questionnaire, which details all of the clauses and controls found in the Standard, so you will be able to easily check whether you’re meeting the requirements of ISO 27001:2013.
The tool has been developed by IT Governance’s in-house ISO 27001 consultants and provides a comprehensive, simple-to-use checklist for organizations looking to achieve ISO 27001 certification. It is designed to work in any Microsoft environment and does not depend on complex databases or need to be installed like software.
Ensure you’re meeting the requirements of ISO 27001:2013 with the Gap Analysis Tool.