
Gap assessment best practices

Hyperproof is a robust, all-in-one compliance operations platform that allows organizations to stay on top of all their security assurance and compliance work. With Hyperproof, organizations can not only identify compliance requirements, implement controls, and collect and store proof, but they can also analyze existing controls and requirements to determine which program they should start next.

Compliance gap assessments help organizations assess how their existing controls and requirements align with those in another compliance framework. This is both useful and necessary because many organizations need to comply with multiple frameworks.

Hyperproof makes it easy for organizations to conduct a gap assessment in just four simple steps:

  1. Set up custom fields on requirements. Custom fields help organizations determine which requirements have been started, not started, and reviewed.

  2. Create a new program and then “jumpstart” it. Hyperproof’s jumpstart feature helps organizations get from Point A to Point B as quickly as possible by providing a snapshot of which existing requirements can be reused in other frameworks.

  3. Review the new program and identify the gaps. This involves reviewing each requirement individually and assessing whether it is sufficient or requires further action.

  4. Generate a report detailing all the information analyzed during the gap assessment.


Step 1: Setting up custom fields on requirements

Custom fields on requirements help you determine which requirements are in progress, not yet started, and reviewed. Additionally, you can add a custom field for notes to keep you and your team connected and up to date.

  1. From the left navigation menu, select Settings > Custom fields.

  2. Click New.

  3. In Select field type, click Single select.

  4. In Field name, enter Gap assessment status.

  5. In Available on, select the Requirements check box.

  6. Select a symbol from the Field symbol drop-down menu.

  7. In Required field?, select Yes.

  8. In Values, enter the following three options, pressing Enter after each one: Not started, In progress, and Reviewed.

  9. Click Create.

  10. Click New.

  11. In Select field type, click Multi-line text field.

  12. In Field name, enter Gap assessment notes.

  13. In Available on, select the Requirements check box.

  14. Select a symbol from the Field symbol drop-down menu.

  15. In Required field?, select Yes.

  16. Click Create.

Step 2: Creating a new program

Before determining which existing controls and requirements can be reused, you must first create a new program.

  1. From the left navigation menu, select Programs, and then click New.

  2. Select a program template from the template library.

  3. Optionally, expand the sections to review the program’s requirements.

  4. Click Next.

  5. Enter a name and description for your program, and then click Create.

  6. On the Add controls window, click Skip. It's important not to have any controls, so you can use the Jumpstart feature to add relevant controls.

Step 3: Jumpstarting the new program

Hyperproof’s jumpstart feature compares your organization's existing requirements with those of a new program. The jumpstart percentage is determined by the number of existing requirements that can be reused in the new program.

When you choose to jumpstart from one program to another, you’re indicating that you want to link the controls from the related requirements in your existing program to the related requirements in the new program.

Step 4: Reviewing requirements

The manual process of reviewing requirements is pivotal in determining whether a requirement is sufficient or requires further action.

  1. From the left navigation menu, select Programs, and then select the program you just created.

  2. Select the Requirements tab.

  3. Click the Tree view icon in the upper-right corner.

  4. Expand a section, and then select a requirement. On the right side of the screen, you’ll see three tabs: Controls, Proof, and Details. From the Controls tab, you can view controls that were linked during the jumpstart process. Mouse over the control to access a quick or detailed overview of the control.

Step 5: Managing controls

During the review process, indicate if new controls need to be created or if existing ones need to be modified or unlinked from a requirement.

Tip: Use the Gap assessment status custom field on requirements to keep track of the review process.

  1. If a control needs to be modified or created, select the Details tab. Add information about what needs to be done in the Gap assessment notes custom field.

    Tip: Use the same text to describe work that needs to be done so that it’s easy to filter the report. For example, you might use something like “Update control CC1.2. Details: The existing control needs...” or “New controls. Details: There is a gap that requires...”

  2. To unlink the control from the requirement, mouse over the control and click the Unlink (X) icon.

Step 6: Generating the report

After the gap assessment is completed, you’ll generate a CSV report that details all the information from the gap assessment.

  1. From the left navigation menu, select Programs, and then select your program.

  2. Select the ... (More options) menu, and click Export program. The program is exported to a CSV file.

  3. Click the Download button in the bottom-right corner to download the file now, or check your email to download later.
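The note convention from Step 5 makes the exported CSV easy to process. The script below is an added example, not Hyperproof code: it groups requirements by the action named before “. Details:” and lists requirements whose review is unfinished or whose notes do not follow the convention. The `Requirement` column name, the assumption that each custom field is exported as a column under its field name, and the sample rows are constructed for illustration; adjust them to match your actual export.

```python
import csv
import io
from collections import defaultdict

# Column names are assumptions: the two custom fields from Step 1 plus a
# hypothetical "Requirement" identifier column. Match them to the real export.
REQ_COL = "Requirement"
STATUS_COL = "Gap assessment status"
NOTES_COL = "Gap assessment notes"
MARKER = ". Details:"  # separator used by the note convention in Step 5

# Constructed sample standing in for the exported program CSV.
SAMPLE_EXPORT = """\
Requirement,Gap assessment status,Gap assessment notes
REQ-1,Reviewed,Update control CC1.2. Details: The existing control needs an owner.
REQ-2,Reviewed,New controls. Details: There is a gap that requires log retention.
REQ-3,In progress,New controls. Details: There is a gap that requires offboarding.
REQ-4,Not started,check this later
REQ-5,Reviewed,
"""


def summarize_gaps(csv_text):
    """Group requirements by the action named in their gap assessment notes."""
    actions = defaultdict(list)   # action label -> [(requirement, detail)]
    pending = []                  # requirements whose review is not finished
    unparsed = []                 # notes that do not follow the convention
    for row in csv.DictReader(io.StringIO(csv_text)):
        req = row[REQ_COL].strip()
        notes = (row.get(NOTES_COL) or "").strip()
        if row[STATUS_COL].strip().lower() != "reviewed":
            pending.append(req)
        if not notes:
            continue  # nothing recorded: no action requested for this row
        # Split on the marker, not the first period: "CC1.2" contains one.
        label, sep, detail = notes.partition(MARKER)
        if sep:
            actions[label.strip()].append((req, detail.strip()))
        else:
            unparsed.append(req)
    return {"actions": dict(actions), "pending": pending, "unparsed": unparsed}


if __name__ == "__main__":
    report = summarize_gaps(SAMPLE_EXPORT)
    for label, items in report["actions"].items():
        print(f"{label}: {[req for req, _ in items]}")
    print("Review not finished:", report["pending"])
    print("Notes off-convention:", report["unparsed"])
```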
