Management Systems

How to conduct an ISO 9001 gap analysis

A practical method for assessing where your management system stands, prioritizing what matters, and turning findings into an action roadmap — not just a checklist.

ISO 9001:2026 Transition

A gap analysis compares your current management system against a reference — the ISO 9001 requirements and good practice — to reveal what is missing, weak, or drifting. Done well, it produces a prioritized roadmap rather than a long list of non-conformities. This guide covers what evidence to gather, how to judge maturity, and how to separate genuine performance gaps from paperwork gaps.

Best used when
  • You are preparing for certification or a transition
  • You inherited a system and need to understand its real state
  • Audit findings keep recurring and you want the root causes
  • Leadership wants a clear, prioritized improvement plan
Step 1

Gather the right evidence

A gap analysis is only as good as its evidence. Collect what shows how the system actually operates, not just what the manual says.

  • Process descriptions, measures, and recent performance data
  • Internal and external audit results and open corrective actions
  • Management review outputs, risks, objectives, and customer feedback
Step 2

Assess current-state maturity

For each requirement area, judge maturity on a simple scale — absent, informal, defined, measured, improving. This is more useful than a binary pass/fail.

  • Rate context, leadership, planning, support, operation, evaluation, improvement
  • Note where practice is strong but undocumented, and vice versa
  • Capture evidence for each rating so the assessment is defensible
Step 3

Distinguish compliance gaps from performance gaps

Some gaps risk your certification; others quietly cost the business. Label each one so you prioritize correctly.

  • Compliance gap: a requirement is not met and must be addressed
  • Performance gap: the requirement is met but the process underperforms
  • Prioritize gaps that are both a compliance risk and a performance drag
Step 4

Prioritize and build the roadmap

Turn findings into a sequenced plan. Rank by risk and business impact, assign owners, and set realistic dates.

  • Score each gap by likelihood, impact, and effort
  • Group related gaps into workstreams with a single owner
  • Feed the roadmap into your transition plan and review cadence
Common mistakes
  • Producing a checklist of clauses instead of a prioritized action plan
  • Confusing missing documents with missing capability
  • Assessing against the manual rather than what actually happens
  • Leaving gaps unowned so nothing changes after the analysis
How Cogliva helps

From gaps to a living improvement plan

Cogliva helps you capture context, processes, and risks, then turn prioritized gaps into owned actions connected to objectives and review. It supports the analysis and the follow-through; it does not replace auditor judgment or certification.

Frequently asked questions

What is an ISO 9001 gap analysis?

It is a structured comparison of your current management system against ISO 9001 requirements and good practice, identifying what is missing, weak, or drifting so you can prioritize improvement before an audit or transition.

How long does a gap analysis take?

For a small organization it can take a few days; for a complex, multi-site business it may take several weeks. The time is driven by how accessible your evidence is and how many processes are in scope.

What is the difference between a compliance gap and a performance gap?

A compliance gap means a requirement is not met and could affect certification. A performance gap means the requirement is technically met but the process still underperforms. The most important gaps are usually both.

Should we do the gap analysis ourselves or hire someone?

Either can work. Internal teams know the context best; external reviewers add objectivity. Whichever you choose, the resulting roadmap must be owned internally or little will change.

Turn your gap analysis into momentum

A prioritized, owned roadmap beats a long list of findings every time.

Back to ISO 9001:2026 Transition