The EKVA Gap Assessment is a preliminary conformity assessment service for organizations preparing to meet the requirements of the National Industrial Security Regulation (EKVA), as ratified by Decision Φ.120/402565/Σ.3497, Government Gazette B’ 4071/22.09.2020. 

It is a pre-audit type service conducted prior to the official inspection by the competent authorized body or authority, aiming to identify gaps and weaknesses in relation to industrial security requirements. 

The service supports organizations in structuring their documentation, physical security, and organizational controls, reducing the risk of delays or failure during the official evaluation for the issuance of a Facility Security Clearance (FSC). 

What is the EKVA Gap Assessment 

The EKVA gap assessment is a gap analysis process performed before the official conformity assessment. It does not constitute the official evaluation nor does it replace the audit conducted by the competent authority. Instead, it serves as a preparatory readiness check, enabling the organization to clearly understand which requirements are met and which are not, prior to entering the formal process. 

It is particularly useful when an organization is about to gain access to Classified National Information and Materials (CNIM), participates or intends to participate in projects with industrial security requirements, prepares for an FSC application, or undergoes restructuring of facilities, processes, and security roles. 

In practical terms, the gap assessment reduces the risk of failure during the official inspection by identifying compliance gaps in advance across documentation, infrastructure, and operational implementation. 

Organizations Subject to EKVA Requirements 

EKVA applies to economic operators that gain access to Classified National Information and Materials (CNIM). This includes organizations involved in defense projects, research programs with security requirements, contracts involving classified information, or projects requiring structured protection of classified information and materials. 

In practice, the gap assessment is addressed to suppliers, contractors, industrial companies, technology organizations, and entities seeking participation in international tenders or collaborations where industrial security requirements apply. 

If your organization must demonstrate adequate facilities, controlled access, proper handling of classified materials, and clearly defined security responsibilities, this service is directly relevant. 

Scope of Assessment and Methodology 

The service is conducted using an audit-style methodology based on the requirements of EKVA (Government Gazette B’ 4071/22.09.2020), supported by a practical readiness checklist. 

The scope covers:

  • Physical security of facilities 
  • Access control mechanisms 
  • Visitor management 
  • Storage areas and secure handling of materials 
  • Protection and traceability of records 
  • Management of classified documents 
  • Internal security policies and procedures 

The EKVA regulatory framework includes specific chapters on physical security, CNIM protection, industrial security inspections, and requirements for FSC issuance. 

Based on the checklist, the methodology may include: 

  • Initial scoping (e.g., facility-only or facility plus CIS scope) 
  • Desk review of documentation 
  • Request list of supporting evidence 
  • On-site inspection 
  • Verification of implementation in practice 
  • Interviews with management, security officers, facility, HR, and IT personnel 

Findings, Risk Assessment and Corrective Actions 

The output of the gap assessment is not merely a list of observations. Compliance gaps are prioritized to clearly distinguish critical blockers from improvement points. Each finding may include an assessment of likelihood and impact, following a practical risk-based approach. The organization then implements corrective and organizational measures such as: 

  • Updating documentation 
  • Strengthening physical security controls 
  • Defining roles and responsibilities 
  • Improving document traceability 
  • Enhancing visitor procedures and access control 

A follow-up verification of corrective actions may be performed by QMSCERT. 

Benefits and Outcomes 

The service contributes to reducing preparation time for obtaining a Facility Security Clearance, as weaknesses are identified and prioritized before the official audit. It also strengthens internal risk management by clarifying roles, responsibilities, documentation, and the actual implementation of security measures. Furthermore, it increases the likelihood of a successful certification outcome and enhances the organization’s ability to participate in projects and tenders where compliance with EKVA (Government Gazette B’ 4071/22.09.2020) is a key requirement. 

Duration, Deliverables and Preparation 

The duration depends on the size of the organization, the number of facilities, whether CIS systems are included, and the maturity level of documentation. Key deliverables include:

  • Detailed findings report 
  • Gap analysis matrix 
  • Evaluation of corrective actions prior to the official inspection 

Frequently Asked Questions (FAQ) 

It begins with an initial identification of requirements and a clear understanding of the scope, facilities, roles, and whether Classified National Information and Materials (CNIM) are handled only in physical form or also through Information Systems (CIS).

Typically, the organization is expected to provide corporate information, project or contract details, security policies, access control procedures, a facility security plan, defined security roles, and relevant implementation records.

The competent authorities define the regulatory framework and are responsible for the official assessment or approval of compliance, where required under the applicable regulatory provisions.

The most common causes include incomplete documentation, unclear scope definition, insufficiently defined security procedures, and gaps between documented procedures and their actual implementation in practice.

Contact QMSCERT for EKVA Gap Assessment 

If your organization is preparing for compliance with EKVA and for the official inspection by the competent authority, QMSCERT can support you with a targeted gap assessment prior to the evaluation. Contact us for an initial assessment of your needs, tailored to your scope, facilities, and current level of compliance.