Performing an Effective Gap Analysis

There is a lot of talk about the upcoming Cyber Security requirement deadline in December 2017. Yes, I’m referring to NIST SP 800-171.

Many organizations are scrambling to assess their compliance. Most QA Managers are doing what comes naturally: they are relying on the GAP ANALYSIS to measure their compliance. Performing a gap analysis is a great idea.

Can we all agree that measuring compliance is a best practice and that management uses measurements as a method to analyze options for reducing uncertainty about decisions?

WARNING: To make a good decision you had better measure what matters.

It is imperative that the measurements start with asking the right questions. If you do not understand the regulation, standard or requirement, how will the gap analysis provide an accurate measurement of compliance? The answer is, it will not. 

