Gap Analysis

Find out where you are in your compliance journey.

A gap analysis can be a great tool for helping you to identify exactly where your project or business stands in comparison to your desired outcome.

An Exos Gap Analysis is a step-by-step process which sees you comparing your goals (desired compliance!), policies, and procedures to discover areas of non-compliance.

By doing this, you can spot any gaps in your compliance posture; from there, you can plan activities to bridge the gap and ensure you're achieving the compliance you were aiming for.

Your Exos gap analysis

MedStack's support team can review all of your completed policies and procedures to analyze any gaps with reference to satisfying the clauses.


Prior to requesting a gap analysis, steps 1-4 must be completed:

  1. The organization has an assigned Security Officer in Exos
  2. All required and relevant addressable policies are acknowledged by each member of the organization as per their policy assignment
  3. All procedures are assigned to a user(s) in Exos
  4. Your entire organization is added to Exos


Once you are confident these steps are complete, please reach out to your MedStack Customer Service Manager (CSM) to request a gap analysis. We require your explicit written consent to add our Compliance Advisor to your organization in Exos.

Securely add a Contributor to your account

Once we have your consent, you may invite your assigned Compliance Advisor to your account. Do this by assigning them the Contributor role.


Evidence is for your eyes only

A gap analysis can be requested at any time from a MedStack Compliance Advisor for policies and procedures. However, the Advisor can not analyze gaps for evidences due to privacy concerns.


The outcome of this work will be a statement informing: "Yes/No, your policies and procedures are/not HIPAA compliant."

The turnaround time for a gap analysis is 10 business days.