Q

Getting the most out of the gap analysis process

In this expert response, Neil O'Connor explains how to get the most out of the gap analysis process in your organization.

Neil O'Connor

By

Neil O'Connor

Published: 27 Jan 2010

I have to do a gap analysis of an existing healthcare system against a set of established requirements. The goals of this analysis are to find the data capture gaps, suggest possible solutions and bring the system up to desired standards to ensure appropriate capture of data and ease of access. What are some common mistakes that can be made in this type of gap analysis process?

The main thing to ensure in any compliance gap analysis is that the scope is understood by both you -- the stakeholders and any other people involved in the compliance processes. To do this you'll need to establish:

The relevant stakeholders for the analysis.
The systems, people and processes that are going to be included in the review.
The detailed requirements against which the gap analysis is to be performed.

One of the key problems in many gap analyses is often getting time in people's diaries for interviews. I find that it helps to first email potential interviewees with a clear statement of the purpose of the interview and the topics that will be covered.

No matter how many steps you take to prepare for the analysis, there is no substitute for knowing the requirements in detail. Also keep in mind that interviews have a habit of going in different directions, so you need to thoroughly understand the metrics being applied in order to gain the required information during the limited interview time available.

Related Q&A from Neil O'Connor

Are there Web service security standards or risk assessment checklists?

As more organisations integrate business-critical functions with Web services, the security of those services becomes of greater importance. But are ... Continue Reading

USB drive security best practices and processes

There are some best practices to follow when it comes to USB drive security. Learn what they are and how to protect your company from USB security ... Continue Reading

Will physical security integrators work with IT departments?

Expert Neil O'Connor shares a recent project that demonstrates how IP-enabled physical security may be changing the market. Continue Reading

Read more on IT risk management

All
News
In Depth
Blog Posts
Opinion
Photo Stories
Videos

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

SearchCIO

Risk-based digital identity benefits CIOs, CMOs and customers

Asking customers to reaffirm their digital identities by sharing private information undermines CX and data security. Instead, ...
Agile practices endure and continue to adapt

As the 20th anniversary of the Agile Manifesto approaches, Agile practices remain vital to software development and are being ...
Mark Schwartz dives into risk management in War and Peace and IT

Get an inside look into Mark Schwartz's new book, War and Peace and IT, with a chapter excerpt on risk and opportunity, as...

SearchSecurity

ZombieLoad v2 disclosed, affects newest Intel chips

Researchers disclosed another variant of the ZombieLoad side-channel attack that affects the newest Intel processors, and also ...
Build new and old strategies into insider threat management

The risk of insider threat does not discriminate across industry lines. Learn how to build an insider threat management program ...
How and why data breach lawsuits are settled

For all of the talk about data breach class action lawsuits, virtually none of them reach a courtroom. Here's why and how data ...

SearchNetworking

Juniper taps Mist Systems for wired, wireless LAN analytics

Juniper Networks is using its Mist Systems acquisition to provide cloud-based analytics for a wired and wireless LAN built with ...
After a data breach occurs, follow this network security checklist

Before a network breach occurs, you should already have a response plan in place. To make sure you're taking a proactive approach...
Explore evolving network performance monitoring tools

The network performance monitoring market is changing to address the emergence of IoT and AI. Read more about the NPM market ...

SearchDataCenter

Microsoft quantum development turns toward hardware

Microsoft revealed plans to jump into the quantum hardware business with a chip capable of running quantum software.
Top 5 options for Linux certifications

Are you ready to expand your Linux knowledge? Here's a look at the latest courses, training content and exams available from ...
New hardware, use cases shape server benchmarking needs

Advancements in server hardware help admins address the latest data-intensive use cases. But this brings questions about the ...

SearchDataManagement

Managing unstructured data is crucial to enterprises' AI goals

Unstructured data makes up a huge portion of most businesses' data volume. But, with data-hungry AI systems coming online, making...
ScyllaDB set to improve NoSQL database performance

ScyllaDB has been helpful for big organizations such as Comcast, which was able to trim from nearly 1,000 database nodes to 78 ...
Translytical data platforms provide options to unify databases

Forrester identifies top vendors in the translytical database category and common elements that help make the unified database ...

Close