A gap analysis is the process of comparing the current state of the organization’s compliance with the new regulation and the desired state of compliance. It helps to identify the gaps or deficiencies that need to be addressed and prioritize the actions to close them. Performing a gap analysis is the first step to understand the impact of the new regulation and plan the appropriate risk response.
References
•ISACA CRISC Review Manual, 7th Edition, Domain 2: IT Risk Assessment, Section 2.2.3: Gap Analysis
•Regulatory Change: Future of Risk in the Digital Era | Deloitte US
•Gap Analysis: What It Is and How to Perform One | The Blueprint
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit