Getting the most out of the gap analysis process

In this expert response, Neil O'Connor explains how to get the most out of the gap analysis process in your organization.

Neil O'Connor

Published: 27 Jan 2010

I have to do a gap analysis of an existing healthcare system against a set of established requirements. The goals of this analysis are to find the data capture gaps, suggest possible solutions and bring the system up to desired standards to ensure appropriate capture of data and ease of access. What are some common mistakes that can be made in this type of gap analysis process?

The main thing to ensure in any compliance gap analysis is that the scope is understood by both you -- the stakeholders and any other people involved in the compliance processes. To do this you'll need to establish:

The relevant stakeholders for the analysis.
The systems, people and processes that are going to be included in the review.
The detailed requirements against which the gap analysis is to be performed.

One of the key problems in many gap analyses is often getting time in people's diaries for interviews. I find that it helps to first email potential interviewees with a clear statement of the purpose of the interview and the topics that will be covered.

No matter how many steps you take to prepare for the analysis, there is no substitute for knowing the requirements in detail. Also keep in mind that interviews have a habit of going in different directions, so you need to thoroughly understand the metrics being applied in order to gain the required information during the limited interview time available.

Getting the most out of the gap analysis process

In this expert response, Neil O'Connor explains how to get the most out of the gap analysis process in your organization.

Related Q&A from Neil O'Connor

Are there Web service security standards or risk assessment checklists?

USB drive security best practices and processes

Will physical security integrators work with IT departments?

Read more on IT risk management

The big disconnect: Print and digital in the future workplace

Fine-tuning incident response automation for optimal results

Use elicitation techniques to discover software requirements

Is information security gap analysis important for HIPAA compliance?

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

Hyperautomation: The most significant RPA trend of 2020

How ITSM services on mobile devices power employees, boost service

IT salary report shows increased interest in emerging tech hubs

SearchSecurity

RSA Conference 2020 guide: Highlighting security's human element

CrowdStrike founder: China hacking indictments are working

Use TODO comments for secure software, development to production

SearchNetworking

RSA 2020: Experts say US is too slow in deploying 5G

CISA chief can't guarantee election security

Cisco SecureX provides front end for all security tools

SearchDataCenter

A look at software-defined networking upgrade guidelines

Plan for a successful ITIL implementation

Learn the main Linux OS components

SearchDataManagement

Databricks Data Ingestion Network brings data to lakehouse

Lessons learned from Credit Karma GraphQL architecture

EnterpriseDB looks to grow market for PostgreSQL