Gap Analysis


What is gap analysis?

Gap analysis is designed to give you insight into other compliance standards and your gaps with them. If you are looking to pursue other standards, this tool is great for determining the level of effort required from your team. TrustOps instantly provides you with a real-time gap analysis for the following standards:

  • SOC 2
  • ISO 9001
  • ISO 27001
  • CMMC Level 1
  • CMMC Level 2

The following video will help you understand Gap Analysis better.

Video: Inside look at Gap Analysis


  1. Go to your TrustOps program.
  2. Click on “Gap Analysis” from the left-hand menu and select “Overview”. The overview page of gap analysis gives you an insight into your overall audit readiness for all standards.
    The following screenshot shows the overview page of “Gap Analysis”.
    TO Gap Analysis Overview 02
  3. Click the “View Readiness” button for an individual standard to view the details of its readiness.
    For example, we have selected GDPR here; the following screenshot shows how you can select whether you are aware and ready for an audit or want to learn more.
    TO Gap Analysis Readiness GDPR 03
  4. If you are new to readiness, select “I’d like to learn more”; otherwise, select “I’m very familiar with them”.

Gap Analysis Primer

A team of compliance experts has created Primers to introduce and educate users on other supported standards. Each primer varies by standard but typically includes available certifications for the standard, a use case, a control-to-standard criteria mapping, and a general timeline for readiness.

The following screenshot shows the GDPR Gap Analysis Primer.

TO Gap Analysis GDPR Primer 04

Readiness Overview

In each gap analysis, data is presented to show the instant progress towards other standards measured by control adoption, policies approved, and evidence collected for that standard. Progress is displayed with progress bars and percentages.

The following screenshot shows the progress bars and the progress percentages for critical focus areas for that standard.

TO Gap Analysis GDPR Readiness Overview 05

Control Readiness

The Control Readiness page highlights the controls in your program that meet relevant standard criteria. It also shows controls that need to be added in order to achieve readiness for this standard.

The following screenshot shows control readiness.

TO Gap Analysis GDPR Control Readiness 07

Each criterion lists its adopted, planned, and new controls. Adopted and planned controls are controls in your existing program that overlap with the requirements for that standard. New controls are controls to be added to your program if you choose to purchase this standard as an add-on. If you are looking to prepare for another standard but are not ready to financially commit yet, it is recommended to adopt any planned controls from your gap analysis and remediate the adopted controls so they are in a passing stage with evidence collected.

Click the arrow icon in front of the chapter to see the details of the planned, adopted, and new controls associated with it.

TO Gap Analysis GDPR Control Readiness Details 08

Policy Readiness

The Policy Readiness page highlights policies in your program that map to the standard you are evaluating as well as any new policies to be added. All of the policy cards on this page are part of the policies already included in your program that overlap with that standard. Any New Policies are listed at the bottom of the page.

TO Gap Analysis GDPR Policy Readiness 09

Adding a new Standard to your Program

If you are ready to tackle a new standard, you can get in touch with our Trust Advisors by clicking on the Get Standard Add-on button on any of the Gap Analysis pages.

  1. Click on “Get GDPR Addon” to start your audit journey with TrustCloud. This will give you an estimate in terms of finances and time.
    TO Gap Analysis GDPR TrustCloud 06
  2. Enter your target date for completing an audit and click the “Send Request” button to schedule a demo with TrustCloud.
