How long does an ISO 9001 gap assessment take?

For a small manufacturer (under 50 employees, single site), a thorough gap assessment typically takes 1-3 days. Larger or multi-site organizations may take 1-2 weeks. The time depends on documentation complexity, process maturity, and whether you have an experienced assessor. A first-time assessment with no prior QMS history takes longer than a reassessment of an existing system.

Can I conduct my own ISO 9001 gap assessment?

Yes. An internal gap assessment using a structured checklist is a legitimate and commonly used approach. The limitation is objectivity - staff familiar with existing processes may overlook gaps that an external eye would catch. Best practice: conduct your own gap assessment first to identify obvious gaps, then engage an external consultant or experienced auditor for a second-pass review before pursuing certification.

What is the difference between a gap assessment and an internal audit?

A gap assessment is typically a one-time diagnostic tool to evaluate readiness for ISO 9001 implementation or certification. An internal audit (Clause 9.2) is an ongoing, recurring compliance activity that verifies the QMS is functioning as intended once implemented. Gap assessments are not required by ISO 9001 - internal audits are.

? Back to ArticlesISO 9001

ISO 9001 Gap Assessment Template: Free Excel Download & Complete Guide

Q: What is an ISO 9001 gap assessment?

An ISO 9001 gap assessment (or gap analysis) is a structured review that compares your organization's current quality management practices against ISO 9001:2015 requirements. It identifies which requirements are fully met, partially met, or not yet addressed. Gap assessments are conducted before ISO 9001 implementation to scope the work, or as a pre-audit self-assessment to identify issues before an external auditor finds them.

By the Training Tiger Team•February 2026•12 min read

Found your gaps? Now close them — and prove you did.

A gap assessment tells you where you stand. But closing those gaps means training the right people on the right documents — and retaining evidence that it happened. Training Tiger handles the training tracking side automatically so your gap closure is documented from day one.

Start your free 30-day trial →

Every quality manager preparing for ISO 9001 certification asks the same question at the start: "Where are we actually at?" Not where leadership thinks you are. Not where the consultant said you should be. Where are you actually at, requirement by requirement, against the standard?

That's what a gap assessment answers. It's the first tool any serious quality manager reaches for — before engaging a certification body, before writing a single procedure, before spending a dollar on consultants. You need an honest picture of your current state. The gap assessment gives you that picture in a format you can actually act on.

This guide walks through what a gap assessment is, how to score it honestly, what each section of ISO 9001 expects, how to interpret your results, and how to use the findings to build a realistic certification roadmap. The free Excel template is at the bottom — but read the guide first. Knowing how to score it matters more than the spreadsheet itself.

In This Guide

What Is an ISO 9001 Gap Assessment?

A gap assessment is a systematic comparison of your current quality management practices against the requirements of ISO 9001:2015. You go through each requirement in the standard — clause by clause — and honestly evaluate whether your organization meets it, partially meets it, or doesn't address it at all. The output is a scored inventory of where you stand, which tells you exactly where to focus your effort.

It's important to understand what a gap assessment is not. It is not a formal audit. It produces no certificates, no audit findings in the official sense, and no external verification. It's a self-assessment tool — the same kind of tool a quality manager uses internally to take stock before bringing in a certification body. Think of it as doing your own homework before the teacher grades the paper.

The classic format used by quality managers across industries is straightforward: a spreadsheet with one row per ISO requirement, plain English descriptions of what the requirement means, a score column, and a notes column for evidence or gaps. That's it. The template doesn't need to be fancy to be useful. It needs to be honest.

Why do one before certification? Three reasons. First, you identify where you are before the auditor does — which gives you time to fix gaps instead of receiving formal findings. Second, you can prioritize resources. Not every gap is equal; a gap in Section 8 (Operation) typically takes far longer to close than a gap in Section 5 (Leadership). You need to know both exist. Third, you build a realistic project plan. Without a gap assessment, your certification timeline is guesswork. With one, you can see which gaps are closable in weeks and which ones will take months.

When to Conduct a Gap Assessment

The most common timing is pre-certification — typically 6 to 12 months before your Stage 1 audit. That window gives you enough time to close significant gaps before the certification body shows up. If your overall scores are low (more on what "low" means below), you might want to start even earlier.

But pre-certification isn't the only situation where a gap assessment makes sense:

After major organizational changes. A new facility, an acquisition, a significant leadership change, or a major product line addition can all create gaps in your QMS coverage. Processes that worked for 50 people may not scale to 200. A gap assessment after a reorganization catches those mismatches before an auditor does.
After a failed audit or major nonconformity. If you received a major nonconformity in your last surveillance or recertification audit, a gap assessment across the affected sections — and adjacent ones — tells you whether the problem is isolated or systemic.
Annually, as part of management review preparation. Clause 9.3 (Management Review) requires top management to review the QMS at planned intervals. A current gap assessment is one of the most useful inputs you can bring to that review — it gives leadership a clear, honest picture of QMS health instead of a slide deck full of metrics that don't connect to certification readiness.
When you're new to the quality manager role. If you've just taken over as quality manager at an organization with an existing QMS, a gap assessment is the fastest way to understand what you actually have versus what the documentation says you have. Those two things are frequently not the same.

How to Score Each Requirement

The template uses a 0–3 scale. Each score has a specific meaning — and it's worth internalizing those meanings before you start, because the temptation to score generously is real.

0Not implemented

No evidence this requirement is addressed. No documented process, no activity, no records.

1Partially implemented

Some activity exists but it's informal, undocumented, inconsistently applied, or incomplete. You'd struggle to show an auditor evidence.

2Largely implemented

Mostly in place. You have documented evidence, but there are gaps or inconsistencies an auditor would likely cite as observations or minor nonconformities.

3Fully implemented

Fully meets the requirement with documented evidence. You could put this in front of a certification body auditor today and it would pass.

Score	Level	What It Means
0	Not implemented	No evidence this requirement is addressed. No documented process, no activity, no records.
1	Partially implemented	Some activity exists but it's informal, undocumented, inconsistently applied, or incomplete. You'd struggle to show an auditor evidence.
2	Largely implemented	Mostly in place. You have documented evidence, but there are gaps or inconsistencies an auditor would likely cite as observations or minor nonconformities.
3	Fully implemented	Fully meets the requirement with documented evidence. You could put this in front of a certification body auditor today and it would pass.

The hardest part of running a gap assessment honestly is resisting score inflation. It happens at every organization. People score their own area a 2 because they think they're doing a good job — but a 2 means you have documented evidence with minor gaps, and a 3 means you're audit-ready today. Those are very different bars.

A useful calibration: before you assign a 3, ask yourself, "If the auditor walked in right now and asked to see evidence for this requirement, could I produce complete, current, documented evidence in under five minutes?" If the answer is anything other than an immediate yes, it's a 2 at best.

For organizations starting their certification journey, being in the 1–2 range on most requirements is completely normal. That's not failure — that's an accurate baseline. The gap assessment is supposed to reveal problems so you can fix them before the auditor does. Scoring conservatively is what makes the tool useful.

Section-by-Section Overview (Sections 4–10)

ISO 9001:2015 is organized into sections 4 through 10 — these are the normative requirements. Here's what each section covers and what auditors focus on in each area.

Section 4 — Context of the Organization

Section 4 requires you to understand the internal and external factors that affect your organization's ability to meet quality objectives — things like market conditions, regulatory environment, technology changes, and organizational culture. You also need to identify interested parties (customers, employees, regulators, suppliers) and understand their relevant requirements.

In practice, most organizations skip this section or give it minimal effort. The gap assessment almost always surfaces scores of 0 or 1 here. Auditors ask for documented context analysis — a SWOT or PESTLE document, an interested parties register — and if you don't have it, that's a finding. Don't let this section be a surprise. It's one of the easiest gaps to close: a half-day workshop with leadership can produce everything you need.

Section 5 — Leadership

Section 5 is often called the "quality policy on the wall" section — but experienced auditors go much further than checking whether the policy is posted. They interview frontline employees to see if those employees know what the quality policy means and how it applies to their work. Leadership commitment isn't demonstrated by a signature on the policy document; it's demonstrated by leadership's actual behavior, their involvement in management review, and their willingness to allocate resources to quality.

When scoring Section 5, be honest about whether leadership is genuinely engaged or just nominally supportive. Organizations where the quality manager carries the entire QMS alone — with leadership "supporting" by signing off on documents — tend to score a 1 here, not a 3. That gap matters because auditors interview people, and employees tell the truth.

Section 6 — Planning

Section 6 introduces risk-based thinking — one of the defining concepts of ISO 9001:2015. You need to identify risks and opportunities that could affect your QMS, plan how to address them, and set quality objectives with measurable targets. The planning requirements aren't complicated on paper, but execution is where most organizations fall short.

The most common gap: organizations create a risk register during their initial certification push, then never update it. By the time of their first surveillance audit, the risk register reflects conditions from 18 months ago, none of the identified risks connect to quality objectives, and there's no evidence anyone has reviewed it since the certification audit. Auditors notice. Score this section based on the current state of your risk register, not the one you had at certification.

Section 7 — Support

Section 7 covers the resources that enable your QMS to function: competence (Clause 7.2), awareness (Clause 7.3), communication (Clause 7.4), and documented information (Clause 7.5). It also includes equipment maintenance and calibration (7.1.5). This is consistently the most under-documented section of the standard across every industry.

Training records, competence matrices, calibration logs, document control — all of it is auditable and all of it needs to be current. Auditors pull training records for specific employees and verify that those employees are documented as competent to perform their roles. They pull calibration records for measurement equipment used in critical processes. If the records exist but aren't current, that's a finding. If they don't exist at all, that's a major. Score Section 7 conservatively — it's the section where organizations most commonly find surprises they didn't expect.

Section 8 — Operation

Section 8 is the largest section in the standard and covers the actual operational processes of your QMS: planning and control of operations, customer communication, design and development, control of externally provided processes and products (supplier control), production and service provision, release of products and services, and control of nonconforming outputs. Each sub-clause is separately auditable.

Because Section 8 is so broad, it tends to show the widest variation in scores across organizations. A manufacturing company might score 8.5 (Production) highly but struggle with 8.4 (Supplier Control). A service company might have strong customer communication (8.2) but weak change control (8.5.6). Map each sub-clause separately in your assessment — don't average the whole section into a single score, because that masks where the real gaps are.

Section 9 — Performance Evaluation

Section 9 requires you to monitor, measure, analyze, and evaluate the performance of your QMS. The two most audited elements are internal audits (9.2) and management review (9.3). Internal audit requirements are specific: auditors must be independent from the areas they audit, audits must cover the full scope of the QMS on a planned schedule, and findings must be documented and followed up.

Management review gets more scrutiny than most quality managers expect. Auditors look for evidence that management review actually drives decisions — updated quality objectives, resource allocations, process changes — not just that a meeting was held and minutes were recorded. If your management review minutes consist of "QMS performing well, no changes needed" every year, that's not demonstrating continual improvement. Score Section 9 based on what your records actually show, not what you intend to show.

Section 10 — Improvement

Section 10 covers nonconformity, corrective action, and continual improvement. It's the most audited section in the standard — and for good reason. Your corrective action process is the most visible evidence of whether your QMS actually learns from its mistakes. Auditors pull CAPA records and trace them from the initial nonconformity through root cause analysis, corrective action implementation, and effectiveness verification.

The two most common findings in Section 10 are weak root cause analysis (writing "operator error" or "retrain operator" instead of identifying the systemic cause) and missing effectiveness verification (closing CAPAs without confirming the fix actually worked). Score this section based on the quality of your existing CAPA records, not on the process as written in your procedure.

How to Interpret Your Results

Once you've scored all 35 clauses, the Summary tab calculates section averages and an overall average. Here's how to read those numbers:

Section Averages

0.0 – 1.0

Major gaps. This section needs significant foundational work before certification is realistic. Expect 6+ months of focused effort on this section alone.

1.0 – 2.0

Foundation exists, but gaps that would result in audit findings remain. You have processes in place — they need to be formalized, documented, and consistently applied.

2.0 – 3.0

Good shape. Focus on the specific clauses below 2.5 and address any observations before the audit. This section should not be your primary concern.

Section Average	What It Means
0.0 – 1.0	Major gaps. This section needs significant foundational work before certification is realistic. Expect 6+ months of focused effort on this section alone.
1.0 – 2.0	Foundation exists, but gaps that would result in audit findings remain. You have processes in place — they need to be formalized, documented, and consistently applied.
2.0 – 3.0	Good shape. Focus on the specific clauses below 2.5 and address any observations before the audit. This section should not be your primary concern.

Overall Score & Certification Readiness

The overall average across all 35 clauses gives you a rough readiness indicator:

Below 1.5: You're 12 or more months from certification readiness. There are significant gaps across multiple sections that require sustained effort to close. This doesn't mean certification isn't achievable — it means you need a realistic timeline and a serious project plan.
1.5 – 2.0: You have the foundation of a QMS in place, but there are meaningful gaps. With focused effort and clear ownership, you're likely 6–12 months out.
2.0 and above: You're in good shape. With targeted gap closure and solid Stage 1 audit preparation, you could realistically certify within 3–6 months.

These are rough guidelines, not guarantees. Certification timelines depend on the size and complexity of your organization, the availability of internal resources, the maturity of your existing processes, and how quickly leadership can prioritize QMS work alongside operational demands. But the gap assessment score gives you a defensible starting point for that conversation.

Using the Summary Tab

The Summary tab in the Excel template displays section averages in a bar chart. Look for patterns rather than obsessing over individual clause scores. One section dragging significantly below the others tells you where to start — that's your critical path. Trying to improve everything simultaneously is how gap closure projects stall.

After you complete the assessment, convert the findings into a project plan with specific actions, named owners, and target completion dates. Every clause scored below 2 needs an owner. That person is responsible for identifying what needs to be done, doing it, and producing the evidence that proves it. The gap assessment is the diagnosis; the project plan is the treatment.

Free Gap Assessment Template (Excel)

The template is a two-tab Excel workbook designed for practical use — not for creating an impressive-looking document, but for actually running the assessment.

Tab 1 — Assessment: One row per clause, covering all 35 auditable requirements across Sections 4–10. Each row includes the clause number, the ISO requirement in plain English (no standard jargon), a score dropdown (0–3), conditional formatting that colors the cell red/orange/yellow/green based on your score, and a notes column for capturing evidence or describing the gap.

Tab 2 — Summary: Automatically calculates section averages from Tab 1 scores and displays them in a bar chart. You can see your overall score and which sections need the most work at a glance. The summary is what you bring to management review or use to build your project plan.

No formulas to maintain, no macros, no custom functions. It runs on any version of Excel. The scoring dropdowns prevent accidental values. The conditional formatting makes the pattern visible immediately — you can see a sea of orange and red without looking at a single number.

Free Gap Assessment Template

Excel spreadsheet (.xlsx) — use immediately, no sign-up required

Download Blank Template

Worked Example — ABC Precision Manufacturing

Download Example

Complete the assessment with your team — not alone. Bring in process owners for Sections 8 and 9, get honest input from supervisors on Section 7 (training and competence), and have leadership weigh in on Sections 5 and 6. A gap assessment completed by one person is a guess. One completed with cross-functional input is a baseline.

How Training Tiger Helps

The gap assessment tells you where you are. But knowing you have a Section 7 gap doesn't close it — you need tools that actually do the work. That's where Training Tiger fits in.

Section 7.2 & 7.3 Gaps — Competence, Training, and Awareness

Section 7 is consistently the most under-documented area in ISO 9001 audits, and Training Tiger is built specifically to close those gaps. Upload your procedures and work instructions, and Training Tiger automatically generates quizzes from the content — no manual question writing required. Assign training to specific employees by role, set due dates, track completion, and export records with timestamps when the auditor asks.

The training matrix shows you, at a glance, who is documented as competent to perform which tasks. When a new employee joins or a role changes, the matrix identifies what training they need. When a procedure is updated, Training Tiger automatically flags the affected employees for retraining — no manual tracking, no email chains, no hoping the right people saw the revision notice.

Section 7.5 Gaps — Documented Information

ISO 9001 Clause 7.5 requires documented information to be controlled — current revision, access control, protection against unintended alteration, distribution, and retention. Training Tiger handles document control with version management and a complete audit trail. Every revision is tracked, previous versions are archived, and you can demonstrate document control history to an auditor in seconds.

More importantly, when you publish a revised procedure, the system automatically links the update to affected employees and queues them for retraining. You don't have to manually figure out who works under that procedure and chase them down. The connection between document control and training records — the link that auditors specifically look for — is built in.

Section 8.4 Gaps — Supplier Control

Supplier qualification training and awareness are on the Training Tiger roadmap. If supplier control is a gap in your assessment, watch this space — we're building the features quality managers need to close those requirements efficiently.

The Bigger Picture

The gap assessment gives you a prioritized list of what needs to be done. Training Tiger is the execution layer for the gaps that matter most in audits — the Section 7 (Support) and Section 8 gaps related to competence, documentation, and training. These are also the gaps that take the most ongoing effort to maintain after certification, because the records need to stay current, not just exist at a point in time.

If your gap assessment shows scores of 1 or 0 in Section 7, that's exactly the problem Training Tiger solves. You don't need another spreadsheet — you need a system that manages training records, document control, and competence tracking as a continuous process, not a certification-time scramble.

Close Your Section 7 & 8 Gaps Faster

Training Tiger handles competence tracking, document control, and training records — the three areas most commonly cited in ISO 9001 audits.

Start your free 30-day trial →See all features

Key Takeaways

A gap assessment is not an audit — it's a self-assessment tool to identify where you are relative to ISO 9001 requirements. No certificates, no formal findings, no external verification.
Score each requirement 0–3 honestly. Inflating scores only delays finding real gaps until the auditor finds them for you.
A score of 3 means you could put this in front of a certification body auditor today and it would pass. If you're not sure, it's a 2.
Overall score below 1.5 typically means 12+ months to certification readiness. A score of 2.0+ means 3–6 months with focused effort.
The Summary tab shows which sections need the most work — use it to build a prioritized project plan with named owners and due dates.
Sections 7 (Support) and 10 (Improvement) are the most common sources of audit findings. Score them hard — these areas require ongoing maintenance, not just a one-time setup.
Conduct a gap assessment before every management review. It gives leadership a clear, honest picture of QMS health rather than a summary of metrics that don't connect to certification readiness.
Download this template, complete it with your team, and assign owners to every gap scored below a 2. The template is the diagnosis — the project plan is the cure.