When embarking on your ISO journey, a crucial first step is evaluating your current level of compliance and identifying what gaps need to be filled to gain certification or fully align with a Standard. This is typically done by conducting a Gap Analysis.

This exercise sets the foundations for your ISO Implementation project, from setting key actions and objectives, to resourcing and establishing a project timeline.  

In this episode, Ian Battersby dives into the purpose of a Gap Analysis, who should be involved in the exercise and what inputs and outputs you should expect to have from conducting a Gap Analysis.  

You’ll learn

·      What is a Gap Analysis?  

·      What is the aim of a Gap Analysis?

·      What is the process of conducting a Gap Analysis?

·      Who should be involved in a Gap Analysis?

·      What inputs should be included in a Gap Analysis?

·      What outputs can you expect from a Gap Analysis?

Resources

·      Isologyhub

In this episode, we talk about:

[02:05] Episode Summary – Ian Battersby dives into the first step on any ISO Implementation journey, breaking down what a Gap Analysis is, it’s purpose and what you should expect to get out of conducting one.

[02:50] What is a Gap Analysis?: Simply put, it’s the start of the process.

It’s a key to understanding where an organisation is right now and establishing what it needs to do on its journey to ISO certification.

But it’s not just for certification, as certification isn’t always what people are trying to achieve. Many businesses opt to align themselves to a standard to ensure they’re doing the right thing, but may not go through with full certification.

[04:05] Who is the aim of a Gap Analysis? The objective of a Gap Analysis is to carry out a review of your organisation against the requirements of the respective standard.

This will help to establish the following:

·      Areas where you conform to the standard, where you may have established the required processes, procedures, roles, responsibilities, systems, methods, documents

·      Areas of nonconformity, where such things will need to be developed

·      You may partly conform, so it’s important to understand that as well

From that understanding, you can build key actions, timescales and responsibilities for implementing an ISO Standard.

It’s also very useful to leadership; to clarify what’s needed, to look at priorities, to resource what’s required and to establish a timeline to your end goal.

[06:25] What is the process of conducting a Gap Analysis? It’s important to do this in a very structured manner. It’s also important to get access to existing documentation and personnel in key roles; they’ll be helpful during the gap analysis in providing understanding.

You’ll need to evaluate your current level of compliance against the following clauses within your desired ISO Standard(s):

4 Context: Understanding the world in which you operate, the people and organisations which are important to you. This is where you will determine the scope of your system (what to include, what parts of the standard are relevant).

5 Leadership: Top management’s commitment, how involved they are, their accountability and their commitment to resourcing, promoting, to giving people authority through clear roles and responsibilities.

6 Planning: This is about assessing risks and opportunities; understanding the uncertainty caused by your operating environment (context). It also involves setting objectives and then establishing meaningful plans to address the risks/opportunities and objectives; mitigations; establishing controls; operational processes.

7 Support: This is where you look at people, competence Infrastructure and environment (are your facilities/equipment appropriate to what you need to do). You will also need to identify what you need to monitor and measure to demonstrate the effectiveness of your ISO Management System.

Next, you need to cover awareness and communication, i.e. how do you make people aware of your system, policy, processes; what do you tell other interested parties?

Lastly, ensure you address how you control the documentation which supports your system.

8 Operation: This address the delivery of a product or service to the customer, including all the processes for doing so. For example, in ISO 9001 this clause defines what’s required when designing, developing, controlling externally provided products/services and controlling anything which goes wrong.

This is typically the clause that contains the largest difference between ISO Standard, with each one focusing requirements on it’s topic focus. For example, ISO 14001 includes requirements for emergency preparedness and response in the event of an environmental incident.

9 Performance evaluation: This is where you review and report on the results of the monitoring and measurement that you’ve put in place. For those familiar with ISO, this is where the internal audit and management review requirements sit.

10 Improvement: This clause states requirements for addressing any non-conformities that pop-up during your Internal Audits. It also encourages you to address opportunities for improvement to help drive continual improvement and innovation.

[13:50] Who should be involved in a Gap Analysis? One key myth that we’d like to clear up is that not everyone in the business needs to be involved in this process, however, we do recommend the following are included:

The person responsible for the day-to-day running of the Management System. This may not be known at this early stage, which is fine as the purpose of the Gap Analysis is to identify gaps such as this.

Leadership; someone in a senior role; responsible for resourcing the system, communicating its importance to the workforce; responsible for setting the strategic direction and objectives.

People who understand the context of the organisation; understanding interested parties (stakeholders); needs of customers and others; the regulatory environment

Those involved in risk management; operational, financial, commercial, regulatory, safety or environmental.

Someone with knowledge of the legal requirements and how they’re evaluated; relative to specific standard.

Anyone setting objectives related to the specific standard.

Those with knowledge of competence arrangements; not just those responsible for co-ordinating the Management System, but across the board, for delivering operational processes.

Those responsible for facilities and equipment; maintenance, service, test, inspection, etc.

People responsible for developing and delivering operational processes.

People with knowledge of how things are monitored or measured; possibly operations people, data analysis or those who report performance to management.

Those who control nonconformity and those who run improvement processes.

It can be quite a range of people!

However, in smaller organisations there may be quite a limited number who likely wear many hats. Again, that’s not a problem, as the Gap Analysis exists to discover that.

[21:55] What inputs should be included in a Gap Analysis? This can include a number of things, as not everything will necessarily be a document. Typically, we as consultants will look at:

·      Management System manual or System Scope

·      Organisational chart

·      Mission, vision, values and culture

·      SWOT/PESTLE and Interested Parties

·      Policy relevant to the standard

·      Job descriptions

·      Risk and opportunities analysis; methodology

·      Objectives

·      Legislation register and methods of evaluation

·      Competence arrangements, training records

·      Management System awareness, training completion

·      Details of version and document control in place

·      Monitoring and measuring plans (KPIs, SLAs, internal performance metrics)

·      Internal audit programme and audit reports

·      Management review records

·      Agendas for any regular management meetings

·      Nonconformities, incident report and corrective action records

·      Customer complaints/feedback

·      Emergency Plans

·      Process Documentation

·      Examples of process documentation:

·      Change control documentation

·      Sales, tendering, order processing

·      Procedures for the design and development of products and services

·      Design and development records stating inputs, verification and validation activities, outputs, and approval of changes

·      Procedures to approve products and services for release to customers including quality checks

·      Supplier / third party evaluation and onboarding documents

·      Non-conformity/complaint information

·      Traceability documentation

[29:40] What is the output from a Gap Analysis? We look at all of this and compare it against the requirements of the Standard to see where you currently stand. In our case, we do this on a spreadsheet with a simple scoring system to give you an overview of what you already have in place and what needs to be addressed.

In many cases, businesses already have a lot of the required documentation, but don’t have it tied together in one cohesive system. So a large part of implementation is consolidating that existing documentation, process ect. Into an accessible and easily understood system.

The key thing to remember is that this is not an audit. The evidence required does not have to be as detailed as an audit; some things can be taken on trust or face value. At this stage we aren’t demonstrating anything to a certification body, and you are not being judged.

We are simply looking at what needs to be done to achieve full Implementation or certification.

If you’d like assistance with carrying out a Gap Analysis, get in contact with us, we’d be happy to help.

We’d love to hear your views and comments about the ISO Show, here’s how:

●     Share the ISO Show on Twitter or Linkedin

●     Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.

Subscribe to keep up-to-date with our latest episodes:

Stitcher | Spotify | YouTube |iTunes | Soundcloud | Mailing List