ISO Gap Analysis

As part of the Compliant process, we offer a free Gap Analysis to all clients getting started on their ISO journey with us and ongoing clients who have opted for post certification support. Check out what our post certification support offer includes.

What is a Gap Analysis?

A gap analysis is carried out to identify the gaps between an organisation’s current business systems and the requirements of standards like ISO 9001, 14001, 22301, 27001 and 45001. 

If any existing policies, processes, or procedures fall short of the stated criteria, a gap exists.

To begin our Gap Analysis process, Compliant reviews the procedures currently in place at your company, thoroughly evaluating them against the specifications of your chosen standard. We are trained and specialise in all of the main ISO standards, including ISO 9001, 14001, 22301, 27001 and 45001, and all Gap Analyses are completed by one of our knowledgeable management consultants.

Following the check, we will provide you with a Gap Analysis that highlights the requirements of the standard and the clause areas not covered, and shows where the business is complying with them and where improvement is needed.

All of the gaps between your system and the requirements of the standard will be clearly identified in the Gap Analysis list, along with the steps that must be taken to close them.

Once the gaps are closed and your system satisfies all of the standard’s requirements, we recommend completing an internal audit before applying for certification. We have strong working relationships with all of the main certifying bodies and can pass cost savings from those relationships directly on to clients.

In this article we detail how to perform a Gap Analysis and where our support comes in. Our Gap Analysis has had proven success and is compatible with ISO 9001, 14001, 22301, 27001, 45001, and other standards.

What is an ISO 27001 Gap Analysis?

When implementing ISO 27001 the Gap Analysis process is more thorough. An ISO 27001 Gap Analysis helps you to evaluate and compare your organisation’s current information security arrangements against the standards of ISO 27001. It also gives you a high-level overview of what has to be done to attain certification.

It gives you the ability to scope your ISMS parameters across all business operations, making it the perfect solution for businesses that need to evaluate their present level of compliance with the standard.

ISO 27001 has remained a popular choice due to its recognition globally and the acceleration of businesses transitioning from physical to digital due to the pandemic.

If your company is considering implementing ISO 27001, you can find out more about ISO 27001 compliance in a previous article of ours here.

Is a gap analysis different from an audit?

The primary distinction between a Gap Analysis and an audit is that, during a Gap Analysis, we will be evaluating your company’s operations against the benchmark. The ultimate aim of the Gap Analysis is to compare an organisation’s policies and procedures to the standard they have chosen, whereas an audit’s objective is to determine whether the criteria set out in the standard are being adhered to. The Gap Analysis gives businesses an opportunity to develop evidence where gaps are identified.

When should a Gap Analysis be completed?

We recommend that a Gap Analysis is completed at the beginning of every ISO journey and ahead of any scheduled audits. As soon as your business decides to pursue ISO certification, you should complete this initial stage in the procedure. We do not recommend completing a Gap Analysis:

  • Prior to starting your research into ISO 9001 certification.
  • Before deciding which standard to pursue.
  • After your company has begun submitting the necessary papers for ISO certification.
  • Following the creation of a plan for modernising your quality management system by your company.

A Gap Analysis can help you identify the improvements to your current management system that need to be made and will simplify the ISO paperwork for you. We support a wide variety of businesses across a range of industries in gaining their certification and can offer templates to support businesses in building up evidence in gap areas.

Common questions we get asked about the Gap Analysis process

Here are some of the most common questions we get asked about our Gap Analysis process:

  • How much time will it take to get certified?
  • How challenging is it?
  • What’s at stake?
  • What will the price be?

There is no universal response to these concerns because every organisation is unique; they come in various sectors, sizes, complexities, and risk levels.

It is also important to understand where an organisation is on their ISO journey and how much preparation they have already carried out. A Gap Analysis with Compliant enables you to create an action plan to successfully complete certification by identifying the gaps. It can help you plan resources and timeframes by giving you a reality check on where you are in the process.

As part of our Gap Analysis we will compare your existing Management System with the required standards. If any gaps are identified during this analysis we will work with your business to build up appropriate documentation – providing templates where necessary.

One of our lead auditors will also be available throughout your audit day to liaise directly with your auditor, allowing you to get on with your day job.

The Gap Analysis checklist

The Gap Checklist is the most crucial tool for the Gap Analysis. It is the set of requirements set out in the standard, formatted as a series of questions.

This list is used by our professional auditors to evaluate how well the implemented management system adheres to the criteria of the chosen standard.

The checklist provides our auditor with a guide to record any findings that did or did not meet the criteria including:

  • What current business practices already adhere to the requirements of the ISO standard
  • What current practices and procedures need to be changed in order to comply with the ISO standard
  • What additional steps must be taken to comply with the ISO standard

The Compliant Gap Analysis checklist

If you decide to progress with Compliant, we will carry out a detailed ISO Gap Analysis based on the information requested above, adhering to the following checklist:

  • Do you already have an established management system?
  • Have all external and internal issues that are relevant to your organisation’s purpose and the achievement of customer satisfaction and the organisation’s strategic direction been determined?
  • Have all responsibilities, methods, measurements and related performance indicators, needed to ensure the effective operation and control, been established?
  • Have the criteria for managing these processes and their interaction been established?
  • Have these methods and measures been communicated to staff?
  • Do all stakeholders understand their roles and responsibilities in relation to the management system?
  • Does your business have a description of the processes and their sequence and interaction?
  • Has your business considered all the external and internal issues, the needs of interested parties and the scope of your products and services?
  • Has top management taken accountability for the effectiveness of the management system?
  • Have customer requirements and applicable statutory and regulatory requirements been determined, met and communicated throughout the organisation?
  • Have business objectives been established at relevant departmental and individual levels within the business?
  • Has the organisation ensured that those persons who can affect the performance of the management system are competent on the basis of appropriate education, training, or experience or taken action to ensure that those persons can acquire the necessary competence?
  • Has employee training been effectively recorded?
  • Have the requirements for the management system been integrated into the business processes?
  • Have the risks and opportunities that are relevant to the management system been identified and recorded?
  • Has your organisation planned actions to address these risks and opportunities and integrated them into the system processes?
  • Has your organisation defined a process for determining the need for changes to the management system and managing their implementation?
  • Has the organisation determined and provided the resources needed for the establishment, implementation, maintenance and continual improvement of the management system?
  • Is monitoring or measuring used for evidence of conformity of products and services to specified requirements?
  • Are any nonconforming process outputs managed so as to prevent their unintended use?
  • Are any processes or services outsourced? If yes, how are these managed and controlled?
  • Do you ensure that externally provided processes, products, and services conform to specified requirements?
  • Do you design and develop products or services?
  • Do you have criteria for the evaluation, selection, monitoring of performance and re-evaluation of external providers?
  • Is property belonging to customers or external providers used in the provision of the product or service?
  • Is the provision of products and services carried out in controlled conditions which include:
    • the availability of documented information that defines the characteristics of the products and services?
    • the availability of documented information that defines the activities to be performed and the results to be achieved?
    • monitoring and measurement activities at appropriate stages to verify that criteria for control of processes and process outputs, and acceptance criteria for products and services, have been met?
    • the people carrying out the tasks are competent?
  • Does your organisation have a defined process for reviewing and communicating with customers in relation to information relating to products and services, enquiries, contracts or order handling?
  • Is there a defined process for the provision of products and services that meet the requirements defined by the customer?
  • Is there a requirement for post-delivery activities associated with the products and services such as warranty, maintenance services, recycling or final disposal?
  • Are performance management reviews established and implemented? If yes, how are these recorded?
  • Has your organisation determined the need or opportunities for improvements within the management system and how these will be fed into management reviews?
  • Has it established when the results from monitoring and measurement shall be analysed and evaluated?
  • Does your organisation effectively record what needs to be monitored and measured and the methods for monitoring, measurement, analysis and evaluation, to ensure valid results?
  • Has your organisation decided on how it will address the requirement to continually improve the suitability, adequacy, and effectiveness of the management system?
  • Has your organisation determined and selected opportunities for improvement and implemented the necessary actions to meet customer requirements and enhance customer satisfaction?

Our team of dedicated consultants

We support a wide range of organisations, from SMEs to major corporations, in improving the delivery of their products and services. Our team of professional experts supports private and public-sector organisations throughout the UK and beyond, and has a proven track record.

We are uniquely qualified to assist organisations in conducting an ISO Gap Analysis, developing management systems, and integrating them with already-existing management systems to achieve all associated economies and efficiencies set out in the ISO standards.

We have developed a FREE Gap analysis tool to help businesses get started on their ISO journey. View the tool here.

Get started with Compliant

An initial teams meeting will help us to fully understand your business, its requirements, the structure of the management system required, and the organisational context. We will then submit all your information to one of our preferred certification body partners.

We can help businesses to access funding for their certifications, can offer flexible payment plans for certifications, and can pass cost savings from certification bodies directly on to our customers.

If you would like a FREE quotation just fill in our FREE quote calculator here.