Q

Getting the most out of the gap analysis process

In this expert response, Neil O'Connor explains how to get the most out of the gap analysis process in your organization.

Neil O'Connor

I have to do a gap analysis of an existing healthcare system against a set of established requirements. The goals of this analysis are to find the data capture gaps, suggest possible solutions and bring the system up to desired standards to ensure appropriate capture of data and ease of access. What are some common mistakes that can be made in this type of gap analysis process?

The main thing to ensure in any compliance gap analysis is that the scope is understood by both you -- the stakeholders and any other people involved in the compliance processes. To do this you'll need to establish:

The relevant stakeholders for the analysis.
The systems, people and processes that are going to be included in the review.
The detailed requirements against which the gap analysis is to be performed.

One of the key problems in many gap analyses is often getting time in people's diaries for interviews. I find that it helps to first email potential interviewees with a clear statement of the purpose of the interview and the topics that will be covered.

No matter how many steps you take to prepare for the analysis, there is no substitute for knowing the requirements in detail. Also keep in mind that interviews have a habit of going in different directions, so you need to thoroughly understand the metrics being applied in order to gain the required information during the limited interview time available.

This was last published in January 2010

Related Q&A from Neil O'Connor

Are there Web service security standards or risk assessment checklists?

As more organisations integrate business-critical functions with Web services, the security of those services becomes of greater importance. But are ... Continue Reading

USB drive security best practices and processes

There are some best practices to follow when it comes to USB drive security. Learn what they are and how to protect your company from USB security ... Continue Reading

Will physical security integrators work with IT departments?

Expert Neil O'Connor shares a recent project that demonstrates how IP-enabled physical security may be changing the market. Continue Reading

Read more on IT risk management

All
News
In Depth
Blog Posts
Opinion
Photo Stories
Videos

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

SearchCIO

How edge computing differs from decentralized computing

Edge computing isn't about sticking servers and storage in a branch location. Learn the critical differences between edge and ...
Facebook's Libra project -- why enterprises should prepare

Facebook's foray into cryptocurrency is setting off alarm bells in government and finance circles. The question is how could the ...
Ransomware attacks: How to get the upper hand

Ransomware attacks are on the rise. Can organizations play like Radiohead and refuse to pay? The answer from security experts is ...

SearchSecurity

Researchers fool Cylance AI antimalware with 'simple' bypass

Security researchers developed a method to make "pure AI" antimalware products classify malware as benign, but it is unclear what...
Equifax to pay up to $700 million in data breach settlement

Under the settlement with the FTC and state attorneys general, Equifax will fork over at least $575 million in civil penalties ...
Enzoic for Active Directory brings continuous password protection

Updates to Enzoic for Active Directory include NIST-compliant Continuous Password Protection, checking passwords against a live ...

SearchNetworking

Niagara Networks and L7 Defense team up for API security

The L7 Defense application Ammune API Defense will run on Niagara Networks' Open Visibility Platform in an effort to bring ...
SD-WAN market sees continued growth, room for mobile support

The SD-WAN market is growing, thanks to financial firms with distributed deployments. VMware and Cisco continue to lead the ...
An introduction to smart NICs and their benefits

This introduction discusses how smart NICs work and how they can benefit data center servers. It also explores the smart NIC ...

SearchDataCenter

A quick guide to data center commissioning

Service provider selection, design documentation and thorough testing are all necessary for commissioning. Learn the process's ...
How machine learning in data centers optimizes operations

Machine learning can help manage your data center more efficiently and address power consumption concerns and hardware ...
3 ways to benefit from open source infrastructure

Using open source infrastructure can reduce operating costs and streamline upgrades, but it's important to weigh the pros and ...

SearchDataManagement

10 cloud database migration mistakes to avoid

Database expert Chris Foot lists the top 10 oversights IT teams commonly make when undertaking a cloud database migration and ...
11 real-time data streaming roadblocks and how to overcome them

Experts detail common challenges that IT teams encounter when deploying and managing real-time data streaming platforms and offer...
Snowflake product VP expounds on data warehouse for the cloud

In this Q&A, Christian Kleinerman, vice president of product development at cloud data warehouse vendor Snowflake, talks about ...

Close