Knowledge Hub 
FAQ 
Definitions 
Remote Support 
Videos Demos
Gap Analysis
In business and economics, a gap analysis is a tool that helps an organization to compare its actual performance to its potential performance. At its core are two questions: "Where are we?" and "Where do we want to be?" If a company or organization is not making the best use of its current resources or is forgoing investment in capital or technology, then it may be producing or performing at a level below its potential. This concept is similar to the base case of being below one's production possibilities frontier.
The goal of gap analysis is to identify the gap between the optimized allocation and integration of the inputs (resources) and the current level of allocation. This helps provide the company with insight into areas which could be improved. The gap analysis process involves determining, documenting and approving the variance between business requirements and current capabilities. Gap analysis naturally flows from benchmarking and other assessments. Once the general expectation of performance in the industry is understood, it is possible to compare that expectation to the company's current level of performance. This comparison becomes the gap analysis. Such analysis can be performed at the strategic or operational level of an organization.
Gap analysis is a formal study of what a business is doing currently and where it wants to go in the future. It can be conducted, in different perspectives, as follows:
- Organization (e.g., human resources)
- Business direction
- Business processes
- Information technology
Gap analysis provides a foundation for measuring investment of time, money and human resources required to achieve a particular outcome (e.g. to turn the salary payment process from paper-based to paperless with the use of a system).
Demo Gap Analysis Report for ISO 14001 below
A bus company wants to sharpen its competitive edge. The company is preparing it's environmental policy according to sub-clause 4.2 of the ISO 14001 environmental management systems standard.
The policy:
- is appropriate to the nature of the company‘s activities.
- provides the framework for setting and reviewing environmental objectives and targets.
- includes a commitment to continual improvement and prevention of pollution.
- includes a commitment to comply with applicable legal requirements and other environmental requirements.
The policy has been presented to a portion of the personnel but it has not been completely communicated to all persons working for the company and it is not available to the public. The policy will later be documented, implemented and maintained.
Demo Gap Analysis Report for ISO 9001 below
A software company is developing a product that will be realized according to the guidelines of clause 7 of the ISO 9001:2008 quality management systems standard. Here is a brief description of the gap analysis:
- The product realization has been thoroughly planned.
- Most of the product requirements have been determined and reviewed.
- The design and development of the product has only been partially implemented but has been thoroughly planned and determined.
- Production and service provision will be implemented when the product is complete.
Demo Gap Analysis Report for ISO 22000 below
A new restaurant just opened. The manager wants to make sure that the food safety management system is solid so he takes a look at clause 4 of the ISO 22000 food management safety standard. Many controls have been implemented but because the restaurant is new, there are many future controls as well.
Demo Gap Analysis Report for ISO/IEC 27001 and ISO/IEC 27002 below
A banking organization is improving it‘s security. Physical obstacles and entry controls are being set up around areas that require maximum security and strict rules are being set regarding the handling of information and equipment according to the ISO/IEC 27001 Information Security standard with implementation guidance from the ISO/IEC 27002 standard.
Demo Gap Analysis Report for ISO/IEC 27001 and ISO/IEC 27011 below
A telecommunications company wants to increase it‘s security. Physical barriers and entry controls are being checked as well as protection against physical and environmental hazards. Other security measures are being implemented according to the ISO/IEC 27001 information security standard with implementation guidance from the ISO/IEC 27011 standard.
Demo Gap Analysis Report for BS 25999-2:2007 below
An airline company wants to ensure that critical business functions will be available to customers, suppliers, regulators, and others that must have access to those functions. Thus, the organization is establishing a BCMS (business continuity management system) according to the BS 25999-2:2007 Business continuity management standard.
