Netcrook

WIKICROOK

Compliance gap

The distance between written requirements and an organization’s real ability to meet them.

A compliance gap is the distance between what a rule, framework, or policy requires and what an organization can actually do in practice. It appears when documents say one thing, but the business lacks the people, data, processes, or technical controls needed to meet the requirement consistently. In cyber security, this gap matters because attackers do not care whether a control exists on paper; they exploit weaknesses in implementation.

Compliance gaps often show up during asset inventories, service classification, incident reporting, access reviews, and recovery planning. For example, an organization may have written procedures for critical-service mapping, yet still be unable to name dependencies, owners, or recovery priorities. That makes compliance efforts slower and also weakens defense, because the same blind spots can disrupt detection, response, and resilience. Closing the gap means turning policy into measurable operational capability, not just passing an audit.
