The Gap Assessment evaluates your organisation's current ECC implementation against the full set of 114 controls. It produces a domain-by-domain compliance breakdown and prioritised remediation recommendations.
Running a Gap Assessment
From the ECC sidebar, click Gap Assessment. If you have run previous assessments, the most recent results are displayed by default.
Click "New Assessment". Enter a title (e.g. "Q1 2026 ECC Gap Assessment") and optional notes describing the assessment scope or context.
The assessment wizard walks you through each of the 5 ECC domains. For every control, confirm the implementation status and provide evidence references. Controls already marked as Implemented are pre-filled.
After completing all domains, Venvera calculates your overall compliance score and generates a domain breakdown chart.
Understanding the Scores
| Score Range | Rating | Interpretation |
|---|---|---|
| 90 – 100% | Compliant | Organisation meets ECC requirements. Minor improvements may be needed. |
| 70 – 89% | Substantially Compliant | Most controls implemented but gaps remain that require remediation. |
| 40 – 69% | Partially Compliant | Significant gaps exist. Prioritise remediation of critical domains. |
| 0 – 39% | Non-Compliant | Substantial work required. Engage leadership and allocate resources urgently. |
Domain Breakdown
The results page shows a breakdown for each of the 5 main ECC domains:
- Cybersecurity Governance — Policies, roles, risk management, awareness programmes
- Cybersecurity Defence — Technical controls: IAM, encryption, network security, data protection
- Cybersecurity Resilience — Business continuity, disaster recovery, vulnerability management
- Third-Party Cybersecurity — Cloud, outsourcing, and managed services controls
- Industrial Control Systems — OT/ICS-specific controls (mark N/A if your scope excludes ICS)
Remediation Plan
Click "Generate Remediation Plan" to create an actionable list of gaps sorted by priority. Each gap includes:
- The control ID and requirement description
- Current status and the target state
- Suggested remediation steps
- Recommended owner and timeline