Are you looking for someone to do a regulatory compliance gap analysis for you? The purpose of a gap analysis is to compare you to a specific law, rule, code or standard, and find specific gaps that you should correct. A gap analysis is usually conducted before implementation and includes our advice, with us acting as experts on a particular law. A gap analysis is forward-looking: it sets a direction and involves planning. We have years of experience doing compliance gap analyses on specific focus areas. We can also do an assessment or a compliance audit, but those are something different.
The benefits of a gap analysis
A gap analysis should enable you to know:
- where you currently stand with regard to complying with a law,
- where the gaps are,
- what you need to do to close the gaps and get closer to fully complying with the regulatory requirements.
We don’t audit during a gap analysis, but rather we get key process or activity owners, champions or project stakeholders to provide the evidence they may have (or not have) for each of the regulatory requirements in the law.
A gap analysis is done at the beginning of the journey whilst an audit is at the end
What we offer a gap analysis on
- POPIA Gap Analysis (to analyse the degree to which your organisation complies with POPIA and identify the gaps)
- Privacy or Data Protection Gap Analysis (to analyse the degree to which your organisation complies with all data protection laws that apply to it and identify the gaps)
- Governance Gap Analysis (to analyse the degree to which your organisation complies with governance codes that apply to it and identify the gaps)
Our gap analysis process
Our gap analysis process normally includes us taking the following steps.
- Discover as much information ourselves as possible. If necessary, ask you to send us various documents. Where necessary, send questionnaires to various people to answer.
- Workshop with or interview various people to discover more information and ask for further clarification. Assess the extent to which an organisation is compliant with the relevant law and the associated legal risks.
- Document our findings by drafting and delivering a report, including actions that need to be taken.
Where necessary, we recommend solutions which would ensure compliance with South African regulatory requirements and implement best practice where sound business practice, rather than a legal requirement, dictates that the risk be managed.
A gap analysis is always about where we want to be
When we do a data protection gap analysis there are essentially two things we need.
- To understand how you process personal data as part of your activities.
- To know what controls you currently have in place or the extent to which you already comply with the regulatory requirements.
We can then determine the extent to which you don’t currently comply with the regulatory requirements and give you a list of actions you need to take to close the gap.
A report including a compliance action plan
We deliver a practical report in plain language detailing your current status, ideal status, and legal and compliance gaps. Our report also highlights risks and recommends action to be taken in the form of a Compliance Action Plan, which includes a roadmap. Depending on the type of analysis, our report is made up of different components.