A gap analysis is the starting point for any ISO 9001 implementation. Before you can build a quality management system, you need to understand what you already have in place and what is missing. That is exactly what a gap analysis does — it measures the distance between where you are now and where ISO 9001 requires you to be.
What a Gap Analysis Actually Involves
An ISO 9001 gap analysis systematically reviews your current operations, processes, and documentation against each requirement of the standard. For every clause in ISO 9001:2015 (clauses 4 through 10), you assess whether your organisation already meets the requirement fully, partially, or not at all.
The output is typically a report that shows your overall readiness score, highlights your strengths, identifies critical gaps, and prioritises what needs to be addressed first. Think of it as a diagnostic — like a health check for your business processes.
Why It Matters
Skipping the gap analysis is one of the most common mistakes organisations make when pursuing ISO 9001. Without it, you are essentially guessing at what needs to be done, which leads to wasted effort on areas that are already adequate and missed gaps in areas that are not.
A thorough gap analysis gives you three things. First, a realistic picture of how much work is involved. Second, a prioritised list of what to tackle first. Third, a baseline against which you can measure your progress during implementation.
For business owners and management, the gap analysis also provides the information needed to make an informed decision about resources, timelines, and approach. It is much easier to commit to a project when you know its true scope.
How to Conduct a Gap Analysis
The process follows a logical structure based on the standard's clauses.
Context and Planning (Clauses 4-6)
Start by examining whether your organisation has identified its external and internal context — the factors that affect your ability to deliver quality. Have you documented who your interested parties are and what they expect? Is there a defined scope for your quality management system? Do you have a quality policy and quality objectives? Have you assessed risks and opportunities?
Most businesses have informal versions of these things but rarely have them documented in a structured way. The gap is usually in documentation and formalisation, not in awareness.
Support and Resources (Clause 7)
Review your resource management. Do you have a clear picture of what competencies are required for each role? Is there a training plan? How do you manage organisational knowledge? Is there a system for controlling documented information (what used to be called document control)?
This clause also covers communication — both internal and external. Many organisations communicate well informally but lack a structured communication plan.
Operations (Clause 8)
This is often the most substantial part of the assessment. Review how you plan and control your operations, how you manage customer requirements, how you handle design and development (if applicable), how you control external providers (suppliers), and how you manage production or service delivery.
For most businesses, the operational processes exist and work reasonably well — the gap is usually in how consistently they are followed and how well they are documented.
Performance and Improvement (Clauses 9-10)
Assess whether you monitor and measure your processes and customer satisfaction. Do you conduct internal audits? Does management formally review the quality system? How do you handle nonconformities and corrective actions? Is there a structured approach to continual improvement?
These are often the biggest gap areas for organisations new to formal quality management. Internal auditing and management review are rarely done in a structured way before ISO 9001 implementation.
Scoring Your Results
A useful gap analysis produces scores, not just yes/no answers. For each clause area, rate your compliance on a scale — commonly 0 to 100 percent, or using categories like "Not Addressed," "Partially Implemented," "Largely Implemented," and "Fully Conforming."
An overall readiness score gives you a quick snapshot. Organisations scoring above 70 percent are generally well-positioned for a relatively smooth implementation. Those below 40 percent have significant work ahead but should not be discouraged — it simply means the implementation plan needs to account for the additional effort.
What to Do With the Results
The gap analysis should directly feed into your implementation plan. Critical gaps — areas with zero or minimal compliance that are core requirements of the standard — need to be addressed first. These typically include document control, internal auditing, management review, and corrective action processes, since these are the mechanisms that keep the entire system working.
Secondary gaps can be addressed in parallel or in later phases. The key is to create a realistic roadmap with clear milestones and responsibilities.
Common Findings
Having seen gap analyses across many organisations, certain patterns recur. Most businesses have reasonable operational processes but poor documentation. Almost everyone lacks formal internal audit and management review processes. Risk management exists informally but is rarely documented. Customer satisfaction is monitored through complaints but rarely measured proactively. And document control is either absent or inconsistent.
If this sounds like your organisation, you are in good company. These are normal starting points, not red flags.
Getting Started
You can conduct a gap analysis yourself using a checklist based on ISO 9001:2015 clauses, or you can use a platform that automates the assessment and generates a prioritised action plan. Either way, invest the time to do it thoroughly — the quality of your gap analysis directly determines the quality of your implementation plan.