Operational Resilience Body of Knowledge (OR BoK) Series
OR BB_v4_8

[OR] [BOK] [2] [P1] [S2] Analyse Gap

Gap analysis is your secret weapon for a successful certification application. It helps you pinpoint the difference between your organisation's current state and the desired operational resilience goals. 

[OR] [BOK] [2] [P1] [S2] Analyse GapThis guide will equip you with the Body of Knowledge required during the introduction of the content in BCM Institute's courses.

It also provides the knowledge requirements on how you can describe your relevant gap analysis knowledge throughout the OR certification application process confidently.

This blog [P1-S2] elaborates on the content for Stage 2 of the "PLAN" phase or P1 of the OR Planning Methodology.  

Course Participants: This blog is a pre-reading for the Operational Resilience Expert Implementer course participants.

Certification Application: The "How To" section is designed to assist successful participants in completing their Certification Application Form or CAF.

Moh Heng Goh
Operational Resilience Certified Planner-Specialist-Expert

New call-to-action

 

Element

Description

Purpose

To identify the gaps between the organisation’s current resilience capabilities and the desired target state, based on regulatory expectations, industry best practices, and organisational objectives.
Objectives
  • Assess the current state of resilience across BCM, ITDR, CM, risk, and related frameworks.
  • Identify alignment gaps with regulatory and industry requirements.
  • Determine capability shortfalls in delivering critical business services (CBS).
  • Provide a prioritised basis for remediation planning in subsequent phases.

Inputs
  • Organisational objectives and scope from Stage 1 (Establish Context).
  • Existing frameworks: BCM, ITDR, Crisis Management, Risk, Cybersecurity, Outsourcing/Vendor Risk.
  • Regulatory guidelines and supervisory expectations (e.g., MAS, FCA, DORA).
  • Industry standards (e.g., ISO 22301, ISO 27001, NIST, FFIEC).

Activities
  • Review Existing Frameworks – assess governance, policies, and resilience capabilities.
  • Benchmark Against Requirements – compare against regulatory and industry standards.
  • Evaluate Core Components – governance, CBS, third-party risk, incident/crisis response, testing & exercising.
  • Identify and Prioritise Gaps – classify gaps by criticality, regulatory impact, and business risk.
  • Develop Gap Analysis Report – document findings with recommendations for remediation.

Outputs
  • Gap Analysis Report – highlighting resilience strengths, weaknesses, and gaps.
  • Maturity Assessment Scorecard – benchmarked against target resilience maturity.
  • Prioritised Action List – short-term vs. long-term remediation.
  • Executive Summary – concise overview for senior management and board.

Competencies Required

 
  • Knowledge of BCM, ITDR, Crisis Management, Cybersecurity, and Risk Management.
  • Familiarity with regulatory requirements and resilience frameworks.
  • Analytical skills in process mapping, benchmarking, and assessment.
  • Ability to communicate findings to technical teams and executives.

Challenges
  • Siloed functions are hindering visibility across departments.
  • Complexity of multi-jurisdictional regulations.
  • Under-documented third-party dependencies.
  • Resource limitations are slowing remediation.

Linkages
  • Stage 1: Establish Context – provides the baseline scope and objectives.
  • Stage 3: Define Requirements – uses gap analysis results to define resilience requirements.
  • Phase 2: Implement – remediation activities to close identified gaps.
 
"Plan" Phase of the OR Planning Methodology

 

Assess Capability and Maturity Analyse Gap Develop Strategy and Roadmap Confirm Risk Appetite Develop and Embed Governance  
OR PM Plan Assess Capability and Maturity OR PM Plan Analyse Gap New call-to-action New call-to-action OR PM Develop and Embed Governance  

 

More Information About Blended Learning OR-5000 [BL-OR-5] or OR-300 [BL-OR-3]

Contact our course consultant colleagues to learn more about our blended learning program and the next course schedule.  They are the BL-OR-3 Blended Learning OR-300 Operational Resilience Implementer and the BL-OR-5 Blended Learning OR-5000 Operational Resilience Expert Implementer.

BL-OR-3 Register Now BL-OR-3_Tell Me More BL-OR-3_View Schedule
BL-OR-5_Register Now BL-OR-5_Tell Me More [BL-OR] [3-4-5] View Schedule
[BL-OR] [3] FAQ OR-300

If you have any questions, click to contact us.Email to Sales Team [BCM Institute]

 FAQ BL-OR-5 OR-5000
New call-to-action

New call-to-action

 New call-to-action

Comments:

 

More Posts

New Call-to-action
BCMIWhiteLogoSmall.png
All rights reserved. Copyright 2025