Measure compliance and close control gaps with structure
Knowing where you stand against a framework is the foundation of all compliance work. Securapilot's GAP analysis measures your compliance control by control, identifies the gaps and drives remediation through to a closed gap.
From framework to closed gap
A GAP analysis compares your current situation with the requirements of a framework. Securapilot's module gathers the whole effort — control assessments, scores, the Statement of Applicability and follow-up — in one place, with collaboration, trends and a complete audit trail.
The result: compliance work that is measurable, traceable and always audit-ready.
All compliance work in one module
The GAP analysis module covers the whole path from framework to closed gap in six connected areas.
Gap analyses
Assessment of a framework's controls within a defined scope, with an overall score and workflow.
Control assessments
Implementation status, maturity level, gap description and recommendations for each individual control.
Hierarchical follow-up
Compliance scores per department, aggregated up the organizational tree, with comparisons.
Statement of Applicability
The ISO 27001 Statement of Applicability with justifications, action plans and version history.
Cross-framework matrix
Mapping of controls between frameworks — an assessment in one framework is reused in another.
NIS2 incident reporting
A complete subsystem for handling and reporting significant cybersecurity incidents.
How the module supports your compliance work
Concrete support in every part of compliance work — from assessment to an approved analysis.
Multiple frameworks
Measure your compliance against ISO 27001, NIS2, NIST CSF and SOC 2 — centrally maintained frameworks and controls.
Control assessment with scoring
Every control gets an implementation status from not implemented to fully implemented, with a matching score.
Automatic score calculation
Scores are aggregated automatically per theme and into an overall compliance score for the whole analysis.
Collaboration with theme assignment
Several people work together with roles, and different people can own different themes of the framework.
Snapshots & trends
Point-in-time snapshots of score and status are saved, so you can follow progress and compare over time.
Statement of Applicability
Create and version SoA documents with applicability justifications, action plans and links to risks.
Cross-framework reuse
The cross-framework matrix maps controls between frameworks so an assessment can be reused.
AI recommendations & export
AI suggests actions for identified gaps, and analyses and the SoA are exported to PDF and Excel.
The gap analysis journey — from created to approved
Every gap analysis follows a clear workflow with built-in review.
Creation
The analysis is created against a framework; control assessments are initialized automatically.
Assessment
The controls are assessed one by one or in groups, with status, gap and recommendations.
Review
The analysis is submitted for review and the assigned reviewer is notified.
Completed
The analysis is completed once all controls are assessed and the overall score is ready.
Approved
The analysis is approved — the whole course of events is documented in the activity log.
Frequently asked questions about the GAP analysis module
Which frameworks can I run a GAP analysis against?
The module ships with centrally maintained frameworks — including ISO 27001, NIS2, NIST CSF and SOC 2 — with their controls and themes. An analysis is always run against a chosen framework.
What is a Statement of Applicability (SoA)?
The Statement of Applicability is the ISO 27001 document that records which controls are applicable and why. The module lets you create the SoA either standalone or derived from a gap analysis, with justifications, action plans, version history and links to risks.
Can an assessment be reused between frameworks?
Yes. The cross-framework matrix shows how controls in two frameworks relate, so an assessment in one framework can be used as a basis in another. The feature is included in the Professional and Enterprise plans.
Is NIS2 incident reporting included in the module?
Yes. The GAP analysis module includes a complete subsystem for NIS2 incident reporting — registration, materiality assessment, four report types with escalating deadlines and PDF export. See the dedicated incident management page for details.
Get a grip on your compliance
Book a demo and we'll show you how the GAP analysis module makes your compliance work measurable, traceable and audit-ready.