Identify Vulnerabilities to Reduce Risks
Get backup from our team of security and compliance experts to enable your organization to pass any regulatory obligation.
Regulatory and Compliance Guidance
What is a Gap Assessment?
Identify the steps needed to reduce risk and pass audits
Whether it’s a government body, a contractual obligation with a customer, an industry requirement, a private-sector framework, or a nonprofit authority, organizations often have a set of rules and security controls they must adhere to. To ensure you can earn contracts, stay accredited, and stay certified, identifying where you currently fall short in your administrative, physical, and technical security is a crucial step.
How does FRSecure approach gap assessments?
After determining which regulation(s) your organization must adhere to, FRSecure analysts will work with your team to understand which capabilities and controls are in place, ultimately helping you identify where you fall short of your requirements. With an emphasis on improving your overall security fundamentals, compliance falls naturally into place after that. Because of this, we can support a wide range of requirements across almost any industry.
Gap Assessment Steps
It’s important to talk to the staff responsible for each area of the requirement in question. We need to be sure the staff understands how their daily functions impact the security program and its requirements.
After the interviews are conducted, our analysts will take the information gathered, assess what’s actually being done, and identify discrepancies between the two.
Once the evidence is reviewed, the analyst can determine where there are shortcomings against the regulatory requirements. They’ll then develop a detailed plan outlining the to-dos, timeline, and cost needed to comply.
Gap Assessment FAQ
FRSecure uses a risk assessment methodology and platform called S2. The final report will list the specific controls you need to adhere to and map each to the corresponding control in S2. For each control, it will also state whether it is being met, not being met, or not applicable.
It typically takes between 4 and 16 hours to conduct interviews with your staff. In total, the entire engagement takes anywhere from 4 to 6 weeks to complete.
On average, regulatory requirements need to be met every 1-2 years, so gap assessments need to be conducted at least that often. It cannot be a one-and-done exercise; it must be an ongoing process.
It is crucial to us that we stay objective when delivering cybersecurity services. Grading your own paper is an easy way to introduce unintentional bias, leading to a false sense of security. We help improve security programs and determine gaps in compliance, but we stop there.