Comprehensive and Detailed Explanation:
Gap analysis is a structured method used to compare the current state of processes, capabilities, or systems against a desired or required state (such as compliance with ISO standards). The main goal is to determine what needs to change to achieve that future state. While identifying gaps (A) and assessing risks (C) may occur during the process, the primary purpose is strategic planning and improvement.
[Reference:, , ISO/IEC 27001 Implementation Guidelines, Clause 0.3: “Gap analysis is used to evaluate the difference between current practices and ISO requirements and to define actions to meet compliance.”, , Correct answer: B, , —, ]
Submit