ISO 27001 is a recognized standard that organizations use to audit and certify their Information Security Management System (ISMS). Being awarded an ISO 27001 certification demonstrates that the organization has known management procedures to protect the confidentiality, integrity, and availability of the organization’s IT infrastructure.
When you do your gap analysis depends on where you are in implementing your Information Security Management System (ISMS).
If you are just starting, you need to combine your risk assessment with your gap analysis. In this case, your analysis will by definition show many gaps, but it will provide a road map to implementing the ISMS.
Be sure you have purchased the ISO 27001 standard from ISO.org directly.