Understanding Your SOC 1 Report: What is a Gap Analysis?

by Joseph Kirkpatrick / December 11th, 2017

A gap analysis is designed to prepare organizations for an audit. If it’s your first time going through an audit (SOC 1, SOC 2, PCI, HIPAA, HITRUST CSF, etc.), KirkpatrickPrice strongly recommends a gap analysis. This is a process of discovery, a chance to find areas of weakness, and an opportunity to gain industry insight. A gap analysis is not an audit. This process will examine your internal controls in order to identify operational, reporting, and compliance gaps and to provide advice on strategies to manage control objectives going forward. A gap analysis is an efficient way to determine the steps you need to take in order to reach your information security and compliance goals based on the current state of your organization’s security controls.

Through a virtual or onsite gap analysis, one of our experienced, senior-level auditors will spend time with your team and review policies and procedures, perform interviews of responsible personnel, and create a gap analysis report. If a gap analysis is performed, KirkpatrickPrice will document identified gaps and recommended actions in our Online Audit Manager and provide the raw findings. After an organization has remedied the non-compliant findings, KirkpatrickPrice will continue with the audit.

If it’s your first time going through an audit of a specific framework, let us be your guide. Contact us today for more information on the value of a gap analysis and on KirkpatrickPrice’s process.

One of the things that we offer to assist organizations at the beginning of their SOC 1 audit is a gap analysis. One of our experienced, senior-level auditors will come to your facility and spend time with you to review your policies, procedures, and practices, interview your staff, and quickly identify any gaps that must be addressed in order to proceed with the audit. Our firm provides audit services worldwide, so no matter where you are, this gap analysis can be a very valuable way to quickly analyze what you have in place and what you need to have in place in order to complete a SOC 1 audit.