Framework Gap Analysis
Framework Gap Analysis
Section titled “Framework Gap Analysis”The Framework Gap Analysis feature helps you identify controls that are required by your target frameworks but not yet in your scope. Close compliance gaps efficiently by bulk-adding missing controls directly from the analysis.
Accessing Gap Analysis
Section titled “Accessing Gap Analysis”Gap Analysis is available from two locations:
- Dashboard — Framework coverage cards show gap percentages with a “View Gaps” button
- Control Scoping — The stats panel shows gaps by framework with expandable details
Understanding Gaps
Section titled “Understanding Gaps”What is a Gap?
Section titled “What is a Gap?”A gap is a control that:
- Is mapped to one of your target frameworks
- Is not currently selected in your control scope
Gaps represent potential compliance deficiencies — controls you may need to implement to achieve certification.
Gap Percentage
Section titled “Gap Percentage”The gap percentage shows how many framework-required controls are missing:
Gap % = (Missing Controls ÷ Total Framework Controls) × 100For example, if ISO 27001 maps to 150 SCF controls and you have 120 selected, your gap is 20% (30 controls missing).
The Gap Analysis Panel
Section titled “The Gap Analysis Panel”Framework Overview
Section titled “Framework Overview”At the top of the panel, you’ll see:
- Framework name and identifier
- Coverage stats — Selected controls vs. total required
- Gap count — Number of missing controls
- Gap percentage — Visual indicator of compliance readiness
Domain Breakdown
Section titled “Domain Breakdown”Gaps are organised by SCF domain, sorted by gap count (highest first):
| Column | Description |
|---|---|
| Domain | The SCF control domain (e.g., “Access Control”, “Risk Management”) |
| Gap Count | Number of missing controls in this domain |
| Controls | Expandable list of specific missing control IDs and names |
Expanding Domains
Section titled “Expanding Domains”Click any domain row to expand and see:
- Individual control IDs (e.g., “ACC-01”)
- Control names and descriptions
- Quick-add buttons for each control
Closing Gaps
Section titled “Closing Gaps”Adding Individual Controls
Section titled “Adding Individual Controls”- Expand a domain to see missing controls
- Click the + Add button next to any control
- The control is added to your scope with status “Not Started”
- The gap count updates automatically
The control is tagged with the reason “Added via [Framework] gap analysis” for audit trail purposes.
Bulk-Adding by Domain
Section titled “Bulk-Adding by Domain”To add all missing controls in a domain at once:
- Hover over a domain row
- Click Add All [X] Controls
- Confirm the bulk addition
- All controls in that domain are added to scope
Navigate to Scoping
Section titled “Navigate to Scoping”Click View in Control Scoping to jump to the Control Scoping page filtered to the selected framework. This lets you:
- See both selected and unselected controls together
- Review control details before adding
- Make more informed scoping decisions
Gap Analysis Workflow
Section titled “Gap Analysis Workflow”Recommended Approach
Section titled “Recommended Approach”- Review your target frameworks — Ensure Framework Management shows your certification goals
- Check dashboard gaps — Identify which frameworks have the largest gaps
- Analyse by domain — Focus on domains with many gaps first
- Prioritise critical controls — Not all controls are equally important; review descriptions
- Add in phases — Don’t add everything at once; plan implementation capacity
- Track progress — Watch gap percentages decrease as you add and implement controls
Using Gaps for Audit Preparation
Section titled “Using Gaps for Audit Preparation”When preparing for certification:
- Set gap percentage target (e.g., 0% for full coverage)
- Use gap analysis to identify all missing controls
- Add controls to scope in priority order
- Implement and gather evidence for each
- Re-run gap analysis to verify complete coverage
Gap Analysis vs. Control Scoping
Section titled “Gap Analysis vs. Control Scoping”| Feature | Gap Analysis | Control Scoping |
|---|---|---|
| Purpose | Find what’s missing | Manage what’s selected |
| View | Framework-centric | Control-centric |
| Shows | Only unselected controls | All controls |
| Best for | Identifying gaps | Day-to-day management |
Use Gap Analysis for strategic planning and Control Scoping for operational work.
Best Practices
Section titled “Best Practices”Strategic Gap Closure
Section titled “Strategic Gap Closure”- Don’t chase 0% blindly — Some controls may not apply to your organisation
- Document exclusions — If a control doesn’t apply, note why in your risk register
- Phase implementation — Large gap closures should be planned across quarters
Framework Prioritisation
Section titled “Framework Prioritisation”If you’re targeting multiple frameworks:
- Start with your primary certification target
- Leverage control mapping — one SCF control often satisfies multiple frameworks
- Address shared gaps first for maximum efficiency
- Use comparison view to see overlap
Maintaining Low Gaps
Section titled “Maintaining Low Gaps”Once gaps are closed:
- Monitor for new framework version updates (new controls may appear)
- Review gaps quarterly
- Set alerts for gap threshold increases
Troubleshooting
Section titled “Troubleshooting”Gap Count Doesn’t Match Expectations
Section titled “Gap Count Doesn’t Match Expectations”If the gap count seems wrong:
- Verify the framework is correctly mapped in Framework Management
- Check that controls are actually selected (not just viewed)
- Refresh the dashboard to get latest data
Control Won’t Add
Section titled “Control Won’t Add”If clicking “Add” doesn’t work:
- Check you have edit permissions for control scoping
- Verify you’re logged in to the correct organisation
- Check browser console for errors and report to support
Gap Percentage Shows 100%
Section titled “Gap Percentage Shows 100%”If all controls show as gaps:
- You may not have selected any controls yet
- Navigate to Control Scoping to begin selecting controls
- Consider using “Scope by Framework” for bulk selection