Gap Analysis
All unsatisfied requirements across your active certifications, with Nopal suggestions to help close gaps.
Total Gaps: 36
With Suggestions: 4
Cross-Cert Overlaps: 1
Cross-Certification Overlaps
These entries satisfy requirements across multiple certifications — maximizing your evidence reuse.
Unsatisfied Requirements (36)
Conduct annual employee satisfaction surveys with published results.
Documented waste reduction and recycling program.
Mechanism for collecting and managing user consent.
Privacy impact assessments (PIAs) conducted for new products, features, or data processing activities.
Evidence that the board reviews ESG performance at least quarterly.
Written policy considering impact on all stakeholders, not just shareholders.
Public disclosure of CEO-to-median-worker pay ratio.
Formal anti-corruption and anti-bribery policy in place.
Verify all employees earn at least a living wage for their region.
Structured training and development opportunities for all employees.
Documented workplace safety standards and incident reporting.
Track and report workforce diversity data annually.
Documented preference for local and diverse suppliers.
Structured volunteer or community service program for employees.
Donate at least 1% of revenue or profits to charitable causes.
Written code of conduct required for all major suppliers.
Annual assessment of company's impact on local community.
Plan or commitment to transition to renewable energy sources.
Formal environmental management system (e.g., ISO 14001 aligned).
Track and report water consumption with reduction targets.
Policy prioritizing environmentally sustainable products and services.
Multi-factor authentication (MFA) required for all employee accounts and all administrative access.
All sensitive data encrypted with AES-256 at rest and with TLS 1.2 or later in transit.
Regular vulnerability scanning and patching within defined SLAs.
Documented incident response plan with defined roles and escalation.
Annual penetration testing by qualified third party.
Published SLA with defined uptime targets (e.g., 99.9%).
Documented disaster recovery (DR) plan with defined RTO (recovery time objective) and RPO (recovery point objective) targets.
Regular backup testing and restoration verification.
Documented capacity planning process with monitoring.
Formal data classification scheme (public, internal, confidential, restricted).
Policy defining retention periods and secure disposal methods.
All employees and contractors sign confidentiality agreements.
Data loss prevention (DLP) controls to detect and block unauthorized data exfiltration.
Up-to-date privacy policy accessible to all users.
Documented process for handling data subject requests for access, correction, and deletion.