Getting started with an ISO Gap Analysis
Do you have a management system but are unsure if it satisfies all of an ISO standard’s requirements? Perhaps you are looking to invest in ISO and are wondering whether your business is in a position to proceed?
Our professional and skilled management consultants are here to help and can perform a detailed ISO Gap Analysis to help you get started.
What is an ISO Gap Analysis
A gap analysis compares your current processes and systems to the specifications of an ISO standard. The procedures that are currently in place at your organisation should be identified and described in detail by an ISO Gap Analysis. They should be measured based on how clearly business processes have defined them, the controls that are in place, and how effective those controls are. Forms, software, whiteboards, and other tools that direct a process to behave a certain manner are examples of controls.
Any process that is part of the execution or production of a product or service requires strong controls. Strong controls reduce the likelihood of deviation, increasing the likelihood of success. Weaker controls allow a lot of opportunity for individual interpretation or how things happen, which could prevent the desired aim from being reached.
A gap analysis is typically carried out as part of a process for evaluating the preparedness of your business’s processes and systems for certification. It highlights areas where your system does not fulfil the standards.
Compliant offer an ISO Gap Analysis for all new clients wanting to get started on their ISO journey. Our Gap Analysis’ can be carried out to assess your system compliance with the requirements of the following standards:
- ISO 9001 – Quality management standard to help businesses work more efficiently and reduce product failures and service issues.
- ISO 14001 – Environmental management standard to help reduce environmental impacts, reduce waste and be more sustainable.
- ISO 22001 – Food safety standard to help prevent food from being contaminated.
- ISO 27001 – IT security standard to help keep sensitive information safe and secure.
- ISO 45001 – Health and safety standard to help reduce accidents in the workplace.
- ISO 13485 – Medical devices standard to ensure the devices in a medical laboratory are safe, effective, and delivered to a high standard.
As part of our ISO Gap Analysis offer one of our BSI trained Lead Auditors will assess your company’s current processes and procedures in comparison to the standard/s that you are looking to pursue.
After that, we will give you a Gap Analysis Report that describes the requirements of the standard/s and shows where the business is complying with them and where improvement is needed.
All of the gaps between your system and the requirements of the standard will be clearly identified in the gap analysis, along with the steps that must be taken to close them. If you decide to progress with Compliant as your ISO management consultant, we will support you in closing those gaps and supply approved document templates where needed. We will also support your business through audits and surveillances to guarantee your business certification.
Choosing to partner with a professional certification partner such as Compliant substantially reduces the time that it takes to become certified. By working with us you’ll only need to set aside 1 hour of your time every 6 months to meet with one of our consultants. Compliant provides the framework and all of the required documentation to ensure that you become certified, first time, every time.
ISO Gap Analysis: What does an ISO 9001 Gap Analysis include?
Before getting started with any ISO Gap Analysis we recommend:
- Choosing one or more employees from within your organisation to carry out the gap analysis; it is advantageous if they have audit or quality system experience.
- If you do not have a suitable employee to act as your ISO lead, we recommend appointing an ISO consultant such as Compliant. We have the expertise to carry out a thorough ISO Gap Analysis effectively and make sure no areas are missed.
- Obtain or make your own ISO Gap Analysis Checklist.
Your management system is applicable to the facilities, product lines or services areas and ISO 9001 clauses that you intend to register as ISO 9001 compliant.
Gathering customer input and ensuring that procedures be measured are requirements, but how you go about doing this is entirely up to you.
All Compliant clients are provided with a management system and template documentation that can be tailored. We compare your organisation’s performance clause by clause and make a list of potential clause eight exemptions that might not apply. Each claimed exclusion will need to be properly justified in the scope document or quality manual.
Our ISO 9001 methodology examines both the individual processes and how they all interact with one another. We will help your business to identify areas ripe for optimisation and improvement by looking at how each of your business processes interacts with the others within the framework of a Quality Management System.
Does an ISO Gap Analysis differ from an audit?
One of the main questions that we get asked as an ISO consultant is ‘Does an ISO Gap Analysis differ from an audit?’.
The primary distinction between a Gap Analysis and an audit is that, during a gap analysis, your organisation will evaluate your operations against the benchmark. Throughout an ISO Gap Analysis your organisation’s policies and procedures will be compared to the standard/s. In comparison an audit’s objective is to determine whether they are being followed by the organisation.
ISO Checklist of Gaps
An ISO Gap Analysis is an opportunity to identify gaps that can be closed to ensure certification:
- The Gap Checklist is the most crucial tool for the Gap Analysis. This is a set of standards-compliant requirements that is formatted as a series of questions.
- This list will be used by the auditor (person performing the gap analysis) to evaluate how well the implemented management system adheres to the criteria of a standard. A “gap” is a term used to describe a shortage.
- The checklist offers the auditor suggestions for documents to search for, illustrations of what will satisfy the standards, and other advice on conducting an audit in accordance with the standard.
- Additionally, the checklist provides the auditor with a spot to record any findings that did or did not meet the criteria.
Pre planning your ISO Gap Analysis
Pre-planning activity between your organisation and Compliant or your ISO consultant is essential. In the first instance we will contact you to obtain background information on your business and the industry in which you operate. We may even carry out an initial onsite visit and various documents, will be requested including:
- A Business Summary – An organisation profile describing your business activities, locations, and number of employees at each location.
- Target Engagement Objectives – Current scope, goals and objectives description for the follow-on engagement.
- Policies – Company policies and procedures.
- Organisation Chart – A detailed chart with the current organisation structure, including names and job titles.
- Job Descriptions – Employee information including job offers and job contracts.
- Training – A detailed training matrix and any training records.
- Employee Handbook – Your current personal manual.
- Vendor List – A detailed list of vendors/suppliers.
- Support Contacts – Contact details identifying the personnel available to support the Gap Analysis.
- Organisation Feedback – A copy of any customer complements or complaints.
- Software Review – An overview of the software tools used to manage employee data, control organisational documents, or management data.
If you decide to progress with Compliant, we will carry out a detailed ISO Gap Analysis based on the information requested above, adhering to the following checklist:
- Do you already have an established management system?
- Have all external and internal issues that are relevant to your organisation’s purpose and the achievement of customer satisfaction and the organisation’s strategic direction been determined?
- Have all responsibilities, methods, measurements and related performance indicators, needed to ensure the effective operation and control, been established?
- Has the criteria for managing these processes and their interaction been established?
- Have these methods and measures been communicated to staff?
- Do all stakeholders understand their roles and responsibilities in relation to the management system?
- Does your business have a description of the processes and their sequence and interaction?
- Has your business considered all the external and internal issues, the needs of interested parties and the scope your products and services?
- Has top management taken accountability for the effectiveness of the management system?
- Have customer requirements and applicable statutory and regulatory requirements been determined, met and communicated throughout the organisation?
- Have business objectives been established at relevant departmental and individual levels with the business?
- Has the organisation ensured that those persons who can affect the performance of the management system are competent on the basis of appropriate education, training, or experience or taken action to ensure that those persons can acquire the necessary competence?
- Has employee training been effectively recorded?
- Have the requirements for the management system been integrated into the business processes?
- Have the risks and opportunities that are relevant to the management system been identified and recorded?
- Has your organisation planned actions to address these risks and opportunities and integrated them into the system processes?
- Has your organisation defined a process for the determining the need for changes to the management system and managing their implementation?
- Has the organisation determined and provided the resources needed for the establishment, implementation, maintenance and continual improvement of the management system?
- Is monitoring or measuring is used for evidence of conformity of products and services to specified requirements?
- Are any nonconforming process outputs managed so as to prevent their unintended use?
- Are any outsourced processes or services, If yes how are these managed and controlled?
- Do you ensure that externally provided processes, products, and services conform to specified requirements?
- Do you design and develop products or services?
- Do you have criteria for the evaluation, selection, monitoring of performance and re-evaluation of external providers?
- Is property belonging to customers or external providers used in the provision of the product or service?
- Is the provision of products and services carried out in controlled conditions which include:
- the availability of documented information that defines the characteristics of the products and services?
- the availability of documented information that defines the activities to be performed and the results to be achieved?
- monitoring and measurement activities at appropriate stages to verify that criteria for control of processes and process outputs, and acceptance criteria for products and services, have been met?
- the people carrying out the tasks are competent?
- Does your organisation have a defined process for reviewing and communicating with customers in relation to information relating to products and services, enquiries, contracts or order handling?
- Is there a defined process for the provision of products and services that meet the requirements defined by the customer?
- Is there a requirement for post-delivery activities associated with the products and services such as warranty, maintenance services, recycling or final disposal?
- Are performance management reviews established and implemented? If yes how are these recorded?
- Has your organisation determined the need or opportunities for improvements within the management system and how these will be fed into management reviews?
- Has it established when the results from monitoring and measurement shall be analysed and evaluated
- Does your organisation effectively record what needs to be monitored and measured and the methods for monitoring, measurement, analysis and evaluation, to ensure valid results?
- Has your organisation decided on how it will address the requirement to continually improve the suitability, adequacy, and effectiveness of the management system?
- Has your organisation determined and selected opportunities for improvement and implemented the necessary actions to meet customer requirements and enhance customer satisfaction?
Reviewing all of the above identifies whether your system satisfies all of a standard/s’ requirements and ensures you are ready for Audit day.
ISO Gap Analysis: Progressing onto certification
If after your ISO Gap Analysis you decide to progress onto certification we suggest the following process:
- Decide whether you want to progress onto certification on your own or with a consultant
- If you decide to progress with an ISO consultant such as Compliant:
- Provide your current procedures and processes to your consultant for review
- Continue using your current procedures if they satisfy the standards (We will review all documentation to help decide what is applicable and what isn’t)
- If they don’t satisfy the requirements, we will provide you with templates that are compliant
- Together with our framework a bespoke management system is built
- An audit is booked with the chosen certification body (we attend all audits with and on behalf of our clients)
- Post audit we address any non-conformance concerns found, if necessary, and then your organisation becomes certified.
Compliant can get a company through ISO certification in just 14 days if needed. However, we recommend an initial 6-week period to enable time for discussions, implementation and making the management system bespoke to the individual company.
After this we then move onto a stage 1 audit with our chosen UKAS accredited certification body. Compliant ensures that clients are fully ready for stage 2 audits and ongoing surveillances. The stage 2 audit is always within 3 months of the stage 1 audit.
Get started with Compliant
An initial teams meeting will help us to fully understand your business, its requirements, the structure of the management system required, and the organisational context. We will then submit all your information to one of our preferred certification body partners.
We can help businesses to access funding for their certifications; can offer flexible payment plans of certifications and can pass cost savings from certifications bodies directly onto our customers.
If you would like a FREE quotation just fill in our FREE quote calculator here.