Q

Getting the most out of the gap analysis process

In this expert response, Neil O'Connor explains how to get the most out of the gap analysis process in your organization.

Neil O'Connor
Published: 27 Jan 2010

I have to do a gap analysis of an existing healthcare system against a set of established requirements. The goals of this analysis are to find the data capture gaps, suggest possible solutions and bring the system up to desired standards to ensure appropriate capture of data and ease of access. What are some common mistakes that can be made in this type of gap analysis process?

The main thing to ensure in any compliance gap analysis is that the scope is understood by both you -- the stakeholders and any other people involved in the compliance processes. To do this you'll need to establish:

The relevant stakeholders for the analysis.
The systems, people and processes that are going to be included in the review.
The detailed requirements against which the gap analysis is to be performed.

One of the key problems in many gap analyses is often getting time in people's diaries for interviews. I find that it helps to first email potential interviewees with a clear statement of the purpose of the interview and the topics that will be covered.

No matter how many steps you take to prepare for the analysis, there is no substitute for knowing the requirements in detail. Also keep in mind that interviews have a habit of going in different directions, so you need to thoroughly understand the metrics being applied in order to gain the required information during the limited interview time available.

Related Q&A from Neil O'Connor

Are there Web service security standards or risk assessment checklists?

As more organisations integrate business-critical functions with Web services, the security of those services becomes of greater importance. But are ... Continue Reading

USB drive security best practices and processes

There are some best practices to follow when it comes to USB drive security. Learn what they are and how to protect your company from USB security ... Continue Reading

Will physical security integrators work with IT departments?

Expert Neil O'Connor shares a recent project that demonstrates how IP-enabled physical security may be changing the market. Continue Reading

Read more on IT risk management

All
News
In Depth
Blog Posts
Opinion
Photo Stories
Videos

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

SearchCIO

OT security brings new challenges in the age of IoT

We're diving into the IoT security challenges CIOs need to be aware of as a result of integrating OT devices, which often work in...
The changing role of the CIO

The shift to a digital economy is dramatically changing the role of the CIO, from trusted IT operator to business strategist.
Book excerpt: Communication structures of an organization

The following is an excerpt from 'Team Topologies: Organizing Business and Technology Teams for Fast Flow,' by Matthew Skelton ...

SearchSecurity

DerbyCon attendees and co-founder reflect on the end

DerbyCon attendees and co-founder Dave Kennedy reflect on the legacy and future of the conference following its final event, ...
Test your infosec smarts about IAM and other key subjects

Solidify your knowledge and get CPE credits by taking this quiz on IAM, security frameworks, IoT third-party risks and more.
DerbyCon panel discusses IT mistakes that need to stop

Common security risks can be mitigated or prevented, according to a panel at DerbyCon. But users need to feel empowered to speak ...

SearchNetworking

F5 Networks updates NGINX Application Platform, other tools

Updates include improved security and observability features, a new developer portal, API importing and improved analytics and ...
Legacy tools encumber modern network infrastructure monitoring

Many IT teams still use older monitoring tools that provide limited visibility across multiple network environments. AI and ...
CenturyLink acquires Streamroot, adding P2P CDN capabilities

Peer-to-peer content delivery network technology from Streamroot will enable CenturyLink to reach underserved areas and offer ...

SearchDataCenter

Can next-gen SIEM help cybersecurity initiatives?

More organizations are using SIEM, AI and cloud technology to minimize security breaches. Though despite interest, this ...
IBM z15 mainframe secures data across multi-cloud environments

IBM unveiled the latest in its line of mainframes capable of processing 1 trillion web transactions a day. The IBM z15 ...
Data center management as a service launches DCIM to the cloud

DMaaS is an option for organizations that want to use cloud-based management. Though these offerings hold a lot of promise, there...

SearchDataManagement

How big tech breakup would affect the tech industry

Breaking up the tech giants would be difficult and might create initial chaos in market, help smaller competitors and potentially...
Amazon Quantum Ledger Database brings immutable transactions

Based on technology built internally at Amazon, the tech giant's newest database provides a centralized approach for enabling a ...
Stibo Systems advances multidomain MDM system

The new Stibo Systems 9.2 update expands the MDM platform's features with Sisense business intelligence integration and machine ...

Close