How to Do a Gap Analysis for ISO 9001 (In 6 Steps)

ISO 9001 is the international standard for quality management assurance.  If your company is thinking about getting your quality management system ISO 9001 certified, start the process with a gap analysis.

How do you do a gap analysis for ISO 9001? In order to do a gap analysis, you should assign a Project Manager in charge of the project, create a checklist detailing the steps you will take in your gap analysis, schedule and conduct the gap analysis in an organized manner, examine the results gathered, and finally create a plan for improving your quality management system. 

A gap analysis is a tool for seeing how your quality management system measures up to ISO 9001 standards.  Its purpose is to help your business determine the gaps in respect to the requirements. A gap analysis should be conducted as an initial step in the process of ISO 9001 certification.  

A gap analysis is an important starting place because it clearly highlights areas where your company needs improvement before you jump into the paperwork of ISO 9001 certification.  Done well, it can save time, money, and resources. 

However, if misused, it can lead to delays and frustrations.

In other words, this is a process that details where your company falls short of ISO requirements in its quality management system. Keep reading to earn how to create a gap analysis in 6 steps. 


How to Conduct a Gap Analysis for ISO 9001

While the process to becoming ISO 9001 certified is long and complex, the process of running a gap analysis is considerably less complicated.  There are five major steps in the process for completing a gap analysis for ISO 9001.

These steps can help you either know what to look for when hiring someone to do a gap analysis or can help you manage your own gap analysis.

How To Do a Gap Analysis For ISO 9001 In 6 Steps

  1. Assign (or hire) someone to oversee the gap analysis
  2. Create (or purchase) a gap analysis checklist
  3. Schedule the gap analysis
  4. Conduct the gap analysis
  5. Examine the results of the gap analysis
  6. Set up your plan for improving your quality management system

Step 1. Assign (or hire) someone to oversee the gap analysis

Gap analyses are often a time consuming, in depth process.  Ideally, the person (or team) running the gap analysis will have experience in quality assurance and management.

Whether or not you have an employee available with that kind of background of course depends on your company.  If you are a small company without someone experienced in quality assurance to lead your gap analysis, do not despair!

A gap analysis can be done by someone with less experience, given that they are willing to learn the complex details of ISO 9001 certification, and are available to put in the time necessary to understand the certification process.

Alternatively, there are professional ISO 9001 gap analysis consultants that may be hired to run the analysis for you. These professionals can greatly decrease the time spent on a gap analysis, compared to someone outside the ISO 9001 quality management field.

Though hiring one of these professional consultants may be more expensive than assigning one of your own employees to run the analysis, hiring a professional will save you a great deal of time in the long run.

Step 2. Create (or purchase) a gap analysis checklist

The next step in the gap analysis process is to create or buy a gap analysis checklist. A gap analysis checklist will lay out the requirements for ISO 9001 certification into a series of steps.  The ISO 9001 form is a long, complicated, and sometimes overwhelming 30-page document.

A checklist can help you stay on task and focus on the elements required for ISO 9001 certification.  Having a checklist can help you navigate the requirements listed in the ISO 9001 form.  There are two ways to obtain a gap checklist: write your own, or purchase a professionally written one.

Gap Analysis Checklist

If your business chooses to write its own checklist, it is recommended that you research existing gap analysis checklists before attempting to write your own.

Gap analysis checklists should be very detailed and will often end up being very long, often 30 pages or more.  Dig deep to make sure you hit all the important points, if you decide to write your own!

Gap analysis checklists may also be purchased online.

Purchasing a pre-existing checklist can:

  • Save time – these often extremely lengthy and detailed checklists are already completed, and do not need to be written, saving your business time
  • Avoid mistakes – checklists purchased from reputable sources are written by experts in the ISO field, and will have been edited to ensure that all necessary pieces are included, leaving nothing out
  • Minimize confusion – because these checklists should be very thorough, confusion can easily arise regarding what aspects need to be focused on, and what is not required

A good gap checklist should be very detailed and be made up of a series of questions.  It should summarize the entire ISO 9001 form’s requirements.

View a sample of our Gap Analysis Checklist available to purchase.

Step 3. Schedule the gap analysis

Now that you have completed the preliminary steps, set up a date to conduct the analysis.  Make sure that your employees know the date and time for this analysis, especially if you’ve hired a professional consultant.

Step 4. Conduct the gap analysis

The consultant will be asking your employees questions about your quality management system (using the gap analysis checklist), so make sure your employees are prepared to answer questions.

If you have elected to do the gap analysis yourself, you should still let your employees know when you plan on conducting the analysis to ensure that they are at the top of their game and can answer all the questions detailed in the gap analysis checklist.

Once you have everything prepared and scheduled, your business will be finally be ready to conduct the actual gap analysis.  Following your checklist, divide your business into sections to be analyzed.

These sections can be either physical areas of the building, or processes of your quality management system.  Organize these sections into time slots and follow your gap analysis checklist while examining each of these sections.

Remember, the gap analysis focuses on the present, so only look at processes you have in place currently, not ones you are planning on adding in the future.  Take thorough notes on your findings as you go through the analysis.

You will be using these notes later!  Make sure to include areas of processes that need improvement, as well as processes that meet the requirements in your notes.

Thorough note taking will save you considerable time later on in the analysis.

Keep in mind that you aren’t focusing on ISO 9001 certification itself.  Certification comes well after the gap analysis.  A gap analysis is meant to show whether your current quality management system meets ISO 9001’s standards, not whether or not it is ready for certification.

A gap analysis helps prepare your business for certification, but it does not guarantee that your business is ready for certification.

Step 5. Examine the results of the gap analysis

After the gap analysis has been completed, examine the results of the gap analysis.

Take a look at what needs improvement, and what already fulfills the requirements.  This is where the note taking you did in the last step will come in handy. 

Continue to keep notes, detailing why a process is in need of change, not just that it needs updating to fit the requirements.  Ideally, you or the consultant will use these notes to create a list of steps to take for improving your quality management processes.

Step 6. Set up your plan for improving your quality management system

The final step you should focus on leads to the next step in the ISO 9001 process: creating a plan of action for improving your quality management systems.

This plan of action will help you get on track to update your quality management system for certification.

You should set clear, concise goals and deadlines for updating your systems, and come up with a detailed plan of action for reaching those goals.  Remember, the more specific and detailed an improvement plan is, the easier it will be to implement it.

What is a Gap Analysis

What Is a Gap Analysis in ISO 9001?

A gap analysis is an evaluation of your business’s standards for its quality management systems in reference to the ISO’s standards for quality management systems. It finds what your company is missing from the ISO’s standards.

A Gap Analysis Is Not

  • An internal audit
  • A risk assessment
  • A plan for filling the gaps found
  • A guarantee that your business is ready for certification

A gap analysis focuses on what’s missing from a set of requirements.  Internal audits make sure that the process adheres to the requirements.

They are similar, but the focus is different.  A gap analysis focuses on what needs to be changed; an internal audit focuses on how to maintain what is already existing. A gap analysis focuses on what’s missing; an internal audit focuses on keeping what is already there.

A risk assessment focuses on uncertainties in your quality management processes.  Risk assessments try to analyze the unknowns.  Gap analyses look at the known processes.  Once again, these two types of analyses are similar, but have different focuses and goals, and lead to different results.

Risk assessments focus on examining the unknown and implementing preventative strategies to try to ensure that any kind of catastrophe does not happen.

It also helps to create (or improve) a plan to minimize any kind of damage in the event that something does go wrong.  Gap analyses focus on known processes, and help to create plans for improving those existing, known processes.

While gap analyses are helpful to developing a plan for meeting ISO 9001 requirements, it is not itself a plan.  Gap analyses are only the first step in creating a plan to meet ISO 9001 requirements.

Subsequent steps and examinations are needed to execute a plan to fill in any missing gaps.  Even though your next step after conducting a gap analysis should be to create a plan for improvement, the gap analysis itself will not create that plan for you.  It can only show you where to start creating that plan.

Though a gap analysis is helpful for gauging how your company’s quality management processes measure up to the ISO 9001’s standards, it is not a guarantee that your company will be ready for certification.

A gap analysis is only a tool to help your business prepare for the certification process.  It is not the certification process on its own.  Even if your company is completely satisfied and sees no need for improvement in its quality management systems, it still will have to go through the necessary paperwork to become certified.

Gap Analysis Checklist

A gap analysis is

  • A tool for focusing on what existing processes need work
  • A tool for focusing on certainties in your processes
  • Helpful in creating a plan for filling in gaps
  • A critical first step to preparing your business for ISO 9001 certification

Improving existing processes is an important piece to getting your company certified.  By focusing on what processes need improvement, you can streamline your business’s focus to center only on processes that need work.

Instead of wandering around, wondering whether a process needs improvement or not, you can find and focus exclusively on what aspects of your quality management system needs upgrading to fit ISO 9001 requirements.

Gap analyses only look at the certainties in your processes.  By narrowing your focus to what is known, you can expend your valuable time, energy, and resources to look strictly at improving those existing processes.

You do not use up any of those resources with this type of analysis.  While examining unknown entities absolutely has its place in the industry, it is not needed or wanted in gap analyses.

While it is true that in this article creating a plan for improvement is listed as part of a gap analysis, a gap analysis on its own can’t create a plan for improving your quality management systems for you.

The creation of a plan for improving your quality management system should always come after a gap analysis; a gap analysis is an important method to get you to that critical step in ISO 9001 certification.

Gap analyses are an important piece in preparing for ISO 9001 certification.  They help businesses to examine their quality management processes on their own terms.

They can not substitute an ISO 9001 audit, they can not substitute ISO 9001 paperwork, but they can give your business an idea how well its quality management systems fulfill ISO 9001 requirements.

ISO certification lightbulb

The Purpose of an ISO 9001 Gap Analysis

The purpose of a gap analysis is to help your company navigate through the complex ISO 9001 standards by finding the “gaps” where your company does not meet the requirements.  The ISO 9001 is made up of ten different sections.

The first three ISO 9001 clauses are introductory, and not required.  The next seven are requirements for certification.  They are:

  • Context of the organization
  • Leadership
  • Planning
  • Support
  • Operation
  • Performance evaluation
  • Improvement

Gap analyses help you to check each of these clauses, one step at a time, to determine whether your company fulfills the requirements listed in the ISO 9001 form.

The gap checklist used to help run the gap analysis is a list of questions written to thoroughly cover all the requirements in each of the seven listed important ISO 9001 clauses.

Without a gap analysis, your company is left to try to navigate the confusing maze of paperwork without a guide on what systems need updating, and which systems do not.

The ISO 9001 standards are a maze of paperwork, and a gap analysis is your map to succeeding in getting your certification.

When Is a Gap Analysis Needed?

A gap analysis is needed at the beginning of your process in becoming ISO 9001 certified.  A gap analysis should take place soon after your company has made the decision to become ISO certified.

It should be scheduled before any of the ISO 9001 paperwork is filled out.  It should not take place:

  • Before your business has done research in ISO 9001 certification
  • Before your business has made the decision to become ISO 9001 certified
  • After your business has started filling out paperwork for ISO 9001 certification
  • After your business has created a plan for updating your quality management system for getting ISO 9001 certified

A gap analysis should of course be completed after your company has researched the ISO 9001 certification process and decided that it wants to proceed in getting certified.  However, your business should not start filling out the paperwork for ISO 9001 certification before conducting a gap analysis.

A gap analysis will help make the ISO paperwork easier for you.  Likewise, your business should not create a plan for updating and improving your quality management system until after a gap analysis has been conducted, as the analysis will outline where to begin the necessary improvements.

2 workmen reviewing new product surface road

Why Is a Gap Analysis Important?

Now, that sounds like a lot of work when you could just skip straight to filling out the certification forms.  Why bother with all those extra steps?

A gap analysis is important because it can highlight what areas are missing that your business needs to fill in order to qualify for ISO.

It is important to start with a gap analysis first in order to see what your company already has, and what it needs to work on.  A gap analysis can help:

  • Save time
  • Save money
  • Focus your energy
  • Narrow your goals

A gap analysis can help your business save valuable time.  Instead of blindly stumbling through endless confusing paperwork, without knowing whether your business qualifies for ISO 9001 certification or not, use a gap analysis to determine where to begin in the paperwork process.

Save time by learning where your company falls short and improving those areas, before getting swamped in a sea of paperwork.

A gap analysis can also save your business money in the long run.  Yes, it may cost money to hire a professional consultant, or to purchase a gap analysis checklist, or even to assign one of your own employees to perform the analysis.  However, running a gap analysis will be less expensive even if its only time that you save.

Jumping headfirst into a mass of paperwork before properly preparing will only lead to wasted time, confusion, and frustration for whoever was assigned the task of filling out the paperwork. This loses time better spent in more productive, valuable areas.

After all, time is money, and that old adage is clearly shown when it comes to complicated paperwork.

A gap analysis can help you focus your energy. The ISO 9001 has an intensive list of standards that companies are required to uphold in order to become certified.  Because it is a very involved list, it is easy to quickly become lost and focus on less relevant requirements. 

With a gap analysis, your business is less likely to be running around spending resources on trying to fix areas that don’t need to be fixed and already fall into the ISO 9001 standards, while ignoring areas where your company needs improvement in following those standards. If your goals for improvement are too broad, a gap analysis can help you narrow them down.


What Happens When a Gap Analysis Is Done Incorrectly?

Most of this article has been spent discussing how gap analyses are useful, and how they can help a process go smoothly.  But what happens if a gap analysis does not go as planned?  Or if a gap analysis is misused?

Though the gap analysis itself is a relatively straightforward process, failures can still happen.

What can go wrong with a Gap Analysis if done incorrectly?

  • Substituting gap analyses for other assessments
  • Creating a solution before properly examining gap analysis results
  • Developing improper training methods for implementing a solution
  • Creating improper documentation

One confusion about gap analyses is that they are the only analyses a business needs to do in preparation for the ISO 9001 certification process. This is simply not the case.  Gap analyses should not substitute for other assessments.

Risk management, internal audits, customer satisfaction evaluations, and other assessments should be made in addition to a gap analysis.

Each of these assessments has a different focus and fills a different purpose than a gap analysis. Because of these different focuses and purposes, one type of analysis should never replace another.

Attempting to do so could lead to complications.  A few examples of what may go wrong if one analysis is substituted for another are risks may be ignored or underestimated; maintaining existing processes could be forgotten; and focus on customers could be minimized.

Another mistake often seen in gap analyses is jumping straight into a solution to a perceived problem before creating a plan of action based on the gap analysis.

This defeats the entire purpose of conducting a gap analysis by ignoring the areas the gap analysis says needs focus, and instead diving headfirst into whatever seems to be the issue, regardless of what the issue may actually be.

Similar to the previous mistake listed, another mistake made is developing improper training methods for improving quality management systems.

An administrator may sometimes begin developing training methods for employees to help improve quality management systems without first checking to make sure they fit the results of the gap analysis.  This once again defeats the purpose of a gap analysis.

Creating improper documentation, whether over documenting or under documenting a process, is another area some companies have difficulty with.

In the sometimes baffling world of ISO 9001, it can be hard to tell what needs to be documented and what does not.  In the past, ISO standards required that everything had documentation.  This is no longer the case. 

Companies that have been sticking with ISO standards for a long time now sometimes run into the problem of having a complex mass of obsolete documentation due to never revamping their documentation when an ISO 9001 update released.

Conversely, some companies have no documentation for how their quality management systems are supposed to run.  The key is to have a balance between over and under documentation.

Outline clearly and concisely each process in your quality management systems, and update to suit the new ISO 9001 standards when needed.

ISO 9001 building blocks

In conclusion, with a little time and effort, you can create a gap analysis for your business. This is one of the most important, first steps in the process of obtaining ISO 9001 certification. Completing it correctly helps save you time, money, resources, and energy by highlighting the places that do not meet ISO 9001 requirements in your quality management systems.


Internal Auditing & Gap Analysis


Written: 26th July 2019
Author: Richard Keen

Richard Keen

Richard Keen

Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards.
Learn more about Richard