Q

Getting the most out of the gap analysis process

In this expert response, Neil O'Connor explains how to get the most out of the gap analysis process in your organization.

Neil O'Connor

I have to do a gap analysis of an existing healthcare system against a set of established requirements. The goals of this analysis are to find the data capture gaps, suggest possible solutions and bring the system up to desired standards to ensure appropriate capture of data and ease of access. What are some common mistakes that can be made in this type of gap analysis process?

The main thing to ensure in any compliance gap analysis is that the scope is understood by both you -- the stakeholders and any other people involved in the compliance processes. To do this you'll need to establish:

The relevant stakeholders for the analysis.
The systems, people and processes that are going to be included in the review.
The detailed requirements against which the gap analysis is to be performed.

One of the key problems in many gap analyses is often getting time in people's diaries for interviews. I find that it helps to first email potential interviewees with a clear statement of the purpose of the interview and the topics that will be covered.

No matter how many steps you take to prepare for the analysis, there is no substitute for knowing the requirements in detail. Also keep in mind that interviews have a habit of going in different directions, so you need to thoroughly understand the metrics being applied in order to gain the required information during the limited interview time available.

This was last published in January 2010

Related Q&A from Neil O'Connor

Are there Web service security standards or risk assessment checklists?

As more organisations integrate business-critical functions with Web services, the security of those services becomes of greater importance. But are ... Continue Reading

USB drive security best practices and processes

There are some best practices to follow when it comes to USB drive security. Learn what they are and how to protect your company from USB security ... Continue Reading

Will physical security integrators work with IT departments?

Expert Neil O'Connor shares a recent project that demonstrates how IP-enabled physical security may be changing the market. Continue Reading

Read more on IT risk management

All
News
In Depth
Blog Posts
Opinion
Photo Stories
Videos

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

SearchCIO

Surveillance technology under fire, amid growing societal concerns

As San Francisco halts city use of facial recognition technology, CIOs could see more regulatory actions against surveillance ...
Deep learning pioneer Fei-Fei Li on the fundamentals of ethical AI

AI luminary Fei-Fei Li was among a group of distinguished AI researchers asked to share their thoughts on how to develop ethical ...
Andrew Ng's AI playbook for the enterprise: 6 must-dos

AI legend and online education pioneer Andrew Ng has developed an AI playbook for businesses. Here are six must-dos.

SearchSecurity

CrowdStrike, NSS Labs settle legal disputes over product testing

CrowdStrike and NSS Labs have ended their legal dispute with a confidential settlement agreement, which resolves all lawsuits ...
Barracuda Advanced Bot Protection safeguards web applications

Advanced Bot Protection is a cloud-hosted platform that defends against automated threats using AI. It is available as both a web...
Microsoft bets on ElectionGuard SDK to fortify election security

Ahead of the 2020 elections, Microsoft unveiled ElectionGuard, an open source SDK designed to provide end-to-end verification of ...

SearchNetworking

Huawei ban will hasten its retreat from U.S. suppliers

The Huawei ban will spur a faster retreat from U.S. suppliers, as the Chinese tech company invests more in its manufacturing ...
Cisco vulnerability fix for thrangrycat carries risks

The Cisco vulnerability fix for thrangrycat could make affected hardware unusable. But the vendor said its ready to replace ...
The status of white box networking in the enterprise

Despite the benefits of white box networking, most enterprises are cautious about deployment. Use these five questions to ...

SearchDataCenter

How do I size a UPS unit?

Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...
How to enhance FTP server security

If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...
3 ways to approach cloud bursting

With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

GDPR privacy concerns still brewing on law's first birthday

The first year of the much-debated EU protection rule was subdued. High-profile fines for privacy breaches have yet to appear, ...
The main picks for Hadoop distributions on the market

Check out the current top Hadoop distribution vendors in the market to help you determine which product is best for your company.
Inside view of Tibco integration architecture planning

Tibco's acquisitions of well-regarded, small software specialists such as SnappyData are part of a drive toward what it calls '...

Close