Gap analysis is used as an assessment used to help identify differences between information systems or applications intended to help identify and highlight which requirements are being met and which are not. Gap analysis is especially valuable in executing assessments for product certifications and compliance requirements. To help define and measure time, money and human resource investments that are required to achieve expected outcomes.
Typical uses of gap analysis:
- Software development: Used to document services and functions that may be inadvertently missed, which ones have been deliberately eliminated, and which still need to be developed.
- Compliance: Used to provide comparison between legal requirements and current and planned processes.
- Product Certifications: Used to provide comparison between requirements for product certifications and current product status.
- Perform a gap analysis between the design and industry best practices
- Enumerate conflicts between business requirements and security considerations so informed trade offs are made
- Recommend solutions for addressing security weaknesses
- Can be conducted prior to implementation, or once in production
- Due diligence measurements & benchmarking on the part of the system’s owner(s)
