Every organization does have a risk management team. The Gap Analysis of the security programs is exclusively designed to assist all the organizations in obtaining the best results in obtaining the regulation that is appropriate for the firm. The risk and gap assessment comprises of a set of questions for every section of the required document. Then the summary report is crafted on the basis of the answers and the organization’s current level is determined. The gap analysis is another process where the team determines and creates documents of the variance between the existing policy and what it should have been. The risk based management when completes the engagement of numerous guidelines and practices gives the best solutions for the firm.