Get in touch

Get in touch

  • This field is for validation purposes and should be left unchanged.

Privacy Notice


When you submit an enquiry via our website, we use the personal data you supply to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale. Your enquiry is stored and processed as an email which is hosted by Microsoft within the European Economic Area (EEA). We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them.

Reveal Menu

Our guide to an ISO Gap Assessment


If you plan to implement an ISO standard, or upgrade your current management system, an ISO Gap Assessment is one of the starting points for success. It will allow you to effectively plan what needs to be done in order to align to the requirements for your chosen ISO standard.

An ISO Gap Assessment is an objective evaluation of your organization’s current arrangements against one or more ISO standards. It should be conducted by an independent person, or team of people, to ensure there is no conflict of interest during the assessment.

The main purpose of a Gap Assessment

The main purpose of the Gap Assessment is to help an organization identify any gaps in meeting the requirements of their chosen ISO standard(s). Once identified, you can prepare an action plan to meet the outstanding requirements and put in place the necessary processes or documented information to evidence compliance.

A Gap Assessment checklist will help ensure you have:

  • Covered the main requirements of the relevant standard and have evidence that you are compliant
  • Identified the recommended documents and mandatory procedures

What are the benefits of conducting an ISO Gap Assessment?

An ISO Gap Assessment allows an organization to:

  • Identify any gaps in meeting the requirements of your chosen standard(s)
  • Identify areas that are compliant and ensure evidence of this is available
  • Analyse the strengths and weakness of the management system for continual improvement
  • Provide evidence of the progress of the management system to key stakeholders
  • Have an idea of the resources (time and manpower) that may be required to become fully compliant
  • Create a plan of action with SMART goals to fully implement the standard(s) and be certification ready (if this is your end-goal)

How to do an ISO Gap Assessment

There are various methods organization’s use to conduct a gap assessment depending on time, budget, and knowledge within the business.

Some organization’s use the actual Standard document itself, and this can be purchased from the ISO website. Another option is CertiKit’s Enhanced Gap Assessment tool, these are BSI-licensed products and include the exact wording of the standard broken down into a useful excel spreadsheet and dashboard for ease of use. These can be purchased from our website and are available as instant downloads for the following standards: ISO27001, ISO14001, ISO45001, ISO9001, ISO20000, ISO22301 and ISO27701.

There are also free tools out there too, which included an overview of the requirements and these can be downloaded from various websites, but make sure you check for accuracy as they may not cover key requirements.

You can also get an ISO consultant to conduct a Gap Assessment on your organization’s behalf, this will often allow you to identify the gaps with more accuracy if you don’t have ISO expertise within the business. These vary from company to company, CertiKit offer this service for the following standards: ISO27001, ISO9001, ISO14001, ISO45001 and ISO22301, and provide a comprehensive report on compliance with a detailed action plan to meet the requirements of the standard(s).

Regular Gap Assessments are key

The Gap Assessment process should be repeated at regular intervals throughout implementation to identify outstanding gaps in compliance. Using your gap assessment as an ongoing checklist for compliance will ensure you’ve got a real-time view of the position of your management system.

Once you have completed the implementation and are into the embedment and pre-certification phase, the Gap Assessment is replaced by an Internal Audit which is then used to check that you are compliant to the areas of the standard that are required, ready for the certification audit.

Is a Gap Assessment the same as an Internal Audit?

No. During a Gap Assessment, an organisation’s processes and procedures are analysed and compared to the requirements of the ISO standard. During an Internal Audit, the organisation’s functioning is also analysed and compared to the standard. The difference is that for the internal audit, evidence is required to ensure that the mandatory requirements and practices are being carried out in the way they have been documented.

Ongoing Gap Assessment for continual improvement

The Gap Assessment is a useful tool for both pre-certification and ongoing improvements. It is significant in the ISO implementation process as it allows organizations to focus their resources on actions that will have the most impact and will (hopefully) speed up the journey to compliance to their chosen standard.

We’ve helped more than 4000 businesses with their compliance


The content is exactly what we needed to get started. We lean heavily on the templates to get most of the key points for each section in place and can focus on those points that are most important to us.


View all Testimonials