Docy Child

Gap Analysis

Estimated reading: 3 minutes 569 views

What Is It?

Gap Analysis is designed to give you insight into other compliance standards and your gaps towards these. If you are looking to pursue other standards this tool is great for determining the level of effort required from your team. TrustOps instantly provides you with a real-time Gap Analysis for the following standards:

  • SOC 2
  • ISO 9001
  • ISO 27001
  • CMMC Level 1
  • CMMC Level 2

Video: Inside look at Gap Analysis

Gap Analysis Primer

Our team of compliance experts have created Primers as a way to introduce and educate users on other supported standards. Each primer will vary by standard, but will typically include available certifications for the standard, use case, control to standard criteria mapping, and general timeline for readiness.

Gap analysis
Snapshot of our HIPAA Gap Analysis Primer

Readiness Overview

In each Gap Analysis, you will find data that shows instant progress towards other standards measured by control adoption, policies approved, and evidence collected for that standard. Progress towards these are displayed by progress bars.

Gap analysis
Progress bars

You will also find progress percentages for critical focus areas for that standard.

Gap Analysis
Progress percentages

Control Readiness

The Control Readiness page highlights the controls you currently have in your program that meet relevant standard criteria, as well as any controls that would need to be added in order to achieve readiness for this standard.

Control Readiness
Control readiness snapshot

Each criteria will list out Adopted, Planned, and New Controls. Adopted and Planned controls are controls in your existing program that overlap with requirements for that standard. New Controls are controls that would be added to your program if you choose to purchase this standard as an add-on. If you are looking to prepare for another standard but are not ready to financially commit yet, we recommend adopting any Planned controls from your Gap Analysis and remediating Adopted controls so they are in a passing stage with evidence collected.

Adopted controls
Adopted controls
Planned Controls
Planned Controls
New Controls
New Controls

Policy Readiness

The Policy readiness page highlights policies in your program that map towards the standard you are evaluating as well as any new policies that would need to be added. All of the policy cards that you see on this page are part of the policies already included in your program that overlap with that standard. Any New Policies will be listed at the bottom of the page.

Adding a new Standard to your Program

If you are ready to tackle a new standard, you can get in touch with our Trust Advisors by clicking on Get Standard Add-on button on any of the Gap Analysis pages or send us an email at

Join the conversation

Twitter Facebook LinkedIn

❤️  Joyfully crafted by a 100% distributed team.