Gap Analysis

What is gap analysis?

Gap analysis is designed to give you insight into other compliance standards and your gaps with them. If you are looking to pursue other standards, this tool is great for determining the level of effort required from your team. TrustOps instantly provides you with a real-time gap analysis for the following standards:

• SOC 2
• HIPAA
• ISO 9001
• ISO 27001
• NIST CSF
• CMMC Level 1
• CMMC Level 2

The following video will help you understand Gap Analysis in a better way.

Video: Inside look at Gap Analysis

Overview

1. Go to your TrustOps program.
2. Click on “Gap Analysis” from the left-hand menu and select “Overview”. The overview page of gap analysis gives you an insight into your overall audit readiness for all standards.
   The following screenshot shows the overview page of “Gap Analysis”.
   
   
3. Click on individual “View Readiness” button to view details of readiness of a particular standard.
   For example, we have selected GDPR here; the following screenshot shows how you can select if you are aware and ready for an audit or you want to learn more.
   
4. If you are new to readiness, select “I’d like to learn more” or else you can select “I’m very familiar with them”.

Gap Analysis Primer

A team of compliance experts has created Primers to introduce and educate users on other supported standards. Each primer varies by standard but typically includes available certifications for the standard, a use case, control to standard criteria mapping, and a general timeline for readiness.

The following screenshot shows the GDPR Gap Analysis Primer.

Readiness Overview

In each gap analysis, data is presented to show the instant progress towards other standards measured by control adoption, policies approved, and evidence collected for that standard. Progress is displayed with progress bars and percentages.

The following screenshot shows the progress bars and the progress percentages for critical focus areas for that standard.

Control Readiness

The Control Readiness page highlights the controls in your program that meet relevant standard criteria. It also shows controls that need to be added in order to achieve readiness for this standard.

The following screenshot shows control readiness.

Each criteria lists out adopted, planned, and new controls. Adopted and planned controls are controls in your existing program that overlap with the requirements for that standard. New controls are controls to be added to your program if you choose to purchase this standard as an add-on. If you are looking to prepare for another standard but are not ready to financially commit yet, it is recommended to adopt any planned controls from your gap analysis and remediate the adopted controls so they are in a passing stage with evidence collected. 

Click on arrow icon in front of the chapter to see the details of the planned, adopted and new controls associated with it.

Policy Readiness

The Policy Readiness page highlights policies in your program that map to the standard you are evaluating as well as any new policies to be added. All of the policy cards on this page are part of the policies already included in your program that overlap with that standard. Any New Policies are listed at the bottom of the page.

Adding a new Standard to your Program

If you are ready to tackle a new standard, you can get in touch with our Trust Advisors by clicking on the Get Standard Add-on button on any of the Gap Analysis pages.

1. Click on “Get GDPR Addon” to start your audit journey with TrustCloud. This will give you an estimate in terms of finances and time.
   
2. Enter your targeted date of completion of an audit and click on the “Send Request” button to schedule a demo with TrustCloud.