Measure compliance and close control gaps with structure
Knowing where you stand against a framework is the foundation of all compliance work. Securapilot's GAP analysis measures compliance control by control, identifies the gaps and drives remediation through to an approved analysis.
From framework to closed gap
A GAP analysis compares your current situation with the requirements of a framework. Securapilot's module gathers control assessments, scores, the Statement of Applicability and follow-up in one place — with collaboration, trends and every change logged.
The result: compliance work that is measurable and always audit-ready.
All compliance work in one module
The GAP analysis module covers the path from framework to closed gap in six connected areas.
Gap analyses
Assessment of a framework's controls within a defined scope, with an overall score and workflow.
Control assessments
Implementation status, maturity level, gap description and recommendations for each individual control.
Hierarchical follow-up
Compliance scores per department, aggregated up the organizational tree, with comparisons.
Statement of Applicability
The ISO 27001 Statement of Applicability with justifications, action plans and version history.
Cross-framework matrix
Mapping of controls between frameworks — an assessment in one framework is reused in another.
NIS2 incident reporting
A complete subsystem for handling and reporting significant cybersecurity incidents.
How the module supports your compliance work
Eight capabilities covering multiple frameworks, automatic scoring, the Statement of Applicability, reuse of assessments across frameworks and AI recommendations.
Multiple frameworks
Measure your compliance against ISO 27001, NIS2, NIST CSF and SOC 2 — centrally maintained frameworks and controls.
Control assessment with scoring
Every control gets an implementation status from not implemented to fully implemented, with a matching score.
Automatic score calculation
Scores are aggregated automatically per theme and into an overall compliance score for the whole analysis.
Collaboration with theme assignment
Several people work together with roles, and different people can own different themes of the framework.
Snapshots & trends
Point-in-time snapshots of score and status are saved, so you can follow progress and compare over time.
Statement of Applicability (SoA)
Create and version the Statement of Applicability that ISO 27001 requires — justify which controls apply, link in action plans and risks.
Reuse assessments across frameworks
Many controls overlap between frameworks. A matrix shows which ones map to each other, so one assessment can feed several analyses.
AI recommendations & export
AI suggests actions for identified gaps, and analyses and the SoA are exported to PDF and Excel.
The gap analysis journey — from created to approved
Every gap analysis follows a clear workflow with built-in review.
Creation
The analysis is created against a framework; control assessments are initialized automatically.
Assessment
The controls are assessed one by one or in groups, with status, gap and recommendations.
Review
The analysis is submitted for review and the assigned reviewer is notified.
Completed
The analysis is completed once all controls are assessed and the overall score is ready.
Approved
The analysis is approved — the whole course of events is documented in the activity log.
Frequently asked questions about the GAP analysis module
Which frameworks can I run a GAP analysis against?
The module ships with centrally maintained frameworks — including ISO 27001, NIS2, NIST CSF and SOC 2 — with their controls and themes. An analysis is always run against a chosen framework.
What is a Statement of Applicability (SoA)?
The Statement of Applicability is the ISO 27001 document of which controls are applicable and why. The module lets you create the SoA standalone or derived from a gap analysis, with justifications, action plans, version history and links to risks.
Can an assessment be reused between frameworks?
Yes. The cross-framework matrix shows how controls in two frameworks relate, so an assessment in one framework can be used as a basis in another. The feature is included in the Professional and Enterprise plans.
Is NIS2 incident reporting included in the module?
Yes. The GAP analysis module includes a complete subsystem for NIS2 incident reporting — registration, materiality assessment, four report types with escalating deadlines and PDF export. See the dedicated incident management page for details.
Get a grip on your compliance
Book a demo and we'll show you how the GAP analysis module makes your compliance work measurable, traceable and audit-ready.
Related modules
Build a complete management system by combining modules that work together.