GAP Analysis

Measure compliance and close control gaps with structure

Knowing where you stand against a framework is the foundation of all compliance work. Securapilot's GAP analysis measures compliance control by control, identifies the gaps and drives remediation through to an approved analysis.

From framework to closed gap

A GAP analysis compares your current situation with the requirements of a framework. Securapilot's module gathers control assessments, scores, the Statement of Applicability and follow-up in one place — with collaboration, trends and every change logged.

The result: compliance work that is measurable and always audit-ready.

All compliance work in one module

The GAP analysis module covers the path from framework to closed gap in six connected areas.

Gap analyses

Assessment of a framework's controls within a defined scope, with an overall score and workflow.

Control assessments

Implementation status, maturity level, gap description and recommendations for each individual control.

Hierarchical follow-up

Compliance scores per department, aggregated up the organizational tree, with comparisons.

Statement of Applicability

The ISO 27001 Statement of Applicability with justifications, action plans and version history.

Cross-framework matrix

Mapping of controls between frameworks — an assessment in one framework is reused in another.

NIS2 incident reporting

A complete subsystem for handling and reporting significant cybersecurity incidents.

How the module supports your compliance work

Eight capabilities covering multiple frameworks, automatic scoring, the Statement of Applicability, reuse of assessments across frameworks and AI recommendations.

Multiple frameworks

Measure your compliance against ISO 27001, NIS2, NIST CSF and SOC 2 — centrally maintained frameworks and controls.

Control assessment with scoring

Every control gets an implementation status from not implemented to fully implemented, with a matching score.

Automatic score calculation

Scores are aggregated automatically per theme and into an overall compliance score for the whole analysis.

Collaboration with theme assignment

Several people work together with roles, and different people can own different themes of the framework.

Snapshots & trends

Point-in-time snapshots of score and status are saved, so you can follow progress and compare over time.

Statement of Applicability (SoA)

Create and version the Statement of Applicability that ISO 27001 requires — justify which controls apply, link in action plans and risks.

Reuse assessments across frameworks

Many controls overlap between frameworks. A matrix shows which ones map to each other, so one assessment can feed several analyses.

AI recommendations & export

AI suggests actions for identified gaps, and analyses and the SoA are exported to PDF and Excel.

The gap analysis journey — from created to approved

Every gap analysis follows a clear workflow with built-in review.

1

Creation

The analysis is created against a framework; control assessments are initialized automatically.

2

Assessment

The controls are assessed one by one or in groups, with status, gap and recommendations.

3

Review

The analysis is submitted for review and the assigned reviewer is notified.

4

Completed

The analysis is completed once all controls are assessed and the overall score is ready.

5

Approved

The analysis is approved — the whole course of events is documented in the activity log.

Frequently asked questions about the GAP analysis module

Which frameworks can I run a GAP analysis against?

The module ships with centrally maintained frameworks — including ISO 27001, NIS2, NIST CSF and SOC 2 — with their controls and themes. An analysis is always run against a chosen framework.

What is a Statement of Applicability (SoA)?

The Statement of Applicability is the ISO 27001 document of which controls are applicable and why. The module lets you create the SoA standalone or derived from a gap analysis, with justifications, action plans, version history and links to risks.

Can an assessment be reused between frameworks?

Yes. The cross-framework matrix shows how controls in two frameworks relate, so an assessment in one framework can be used as a basis in another. The feature is included in the Professional and Enterprise plans.

Is NIS2 incident reporting included in the module?

Yes. The GAP analysis module includes a complete subsystem for NIS2 incident reporting — registration, materiality assessment, four report types with escalating deadlines and PDF export. See the dedicated incident management page for details.

Get a grip on your compliance

Book a demo and we'll show you how the GAP analysis module makes your compliance work measurable, traceable and audit-ready.

We use anonymous statistics without cookies to improve the website. Read more