Getting the most out of the gap analysis process

In this expert response, Neil O'Connor explains how to get the most out of the gap analysis process in your organization.

Neil O'Connor

Published: 27 Jan 2010

I have to do a gap analysis of an existing healthcare system against a set of established requirements. The goals of this analysis are to find the data capture gaps, suggest possible solutions and bring the system up to desired standards to ensure appropriate capture of data and ease of access. What are some common mistakes that can be made in this type of gap analysis process?

The main thing to ensure in any compliance gap analysis is that the scope is understood by both you -- the stakeholders and any other people involved in the compliance processes. To do this you'll need to establish:

The relevant stakeholders for the analysis.
The systems, people and processes that are going to be included in the review.
The detailed requirements against which the gap analysis is to be performed.

One of the key problems in many gap analyses is often getting time in people's diaries for interviews. I find that it helps to first email potential interviewees with a clear statement of the purpose of the interview and the topics that will be covered.

No matter how many steps you take to prepare for the analysis, there is no substitute for knowing the requirements in detail. Also keep in mind that interviews have a habit of going in different directions, so you need to thoroughly understand the metrics being applied in order to gain the required information during the limited interview time available.

Getting the most out of the gap analysis process

In this expert response, Neil O'Connor explains how to get the most out of the gap analysis process in your organization.

Related Q&A from Neil O'Connor

Are there Web service security standards or risk assessment checklists?

USB drive security best practices and processes

Will physical security integrators work with IT departments?

Read more on IT risk management

EAM vs. CMMS: What are the differences?

The big disconnect: Print and digital in the future workplace

Fine-tuning incident response automation for optimal results

Book excerpt: The five phases of decision architecture methodology

SearchCIO

The future of trust must be built on data transparency

What are the advantages and disadvantages of RPA?

Texas power outage flags need to revisit business continuity

SearchSecurity

Microsoft Exchange Server zero-days exploited in the wild

Accellion FTA attacks claim more victims

Technical controls to prevent business email compromise attacks

SearchNetworking

Cisco completes $4.5 billion Acacia deal

5 steps to conduct network penetration testing

5 benefits of Wi-Fi 6 for enterprise networks

SearchDataCenter

CRAC design upgrades simplify HVAC maintenance

IBM leans on Red Hat to adapt Power servers for hybrid cloud

Private cloud certificates to build up your tech skills

SearchDataManagement

Microsoft ignites Apache Cassandra Azure service

Airbyte set to advance open source data integration platform

Open source database migration guide: How to transition