Policy & Compliance Management
Today, there are over 100 regulations in the U.S. alone that focus on information security and availability, and that number continues to grow. Some leading examples of these include:

  • Sarbanes-Oxley Act requires effective IT controls and processes for validating the integrity of annual financial reports.
  • Payment Card Industry (PCI) programs, including MasterCard SDP and Visa CISP, mandate the protection of customer information residing with merchants, to keep it safe from hackers, viruses and other potential security risks.
  • FISMA requires that federal agencies establish risk-based information security programs to secure federal information.
  • HIPAA regulates the security and privacy of health data, including patient records and all individually identifiable health information.
  • GLBA requires IT controls to maintain the confidentiality and privacy of consumer financial information.
  • CA SB 1386 mandates that organizations doing business in California report any cyber security breaches that may have compromised customer information.
  • North American Electric Reliability Council's Critical Infrastructure Protection (NERC CIP) standards establish minimum security requirements for IT assets managing the daily operations of utilities.

The Challenge

Most organizations take a silo-based approach to complying with these initiatives, where each compliance effort is approached individually. However, many of the controls that need to be defined, assessed and enforced are common across these regulations.
A silo-based approach leads to redundant, inefficient compliance efforts, significantly increasing the cost of compliance. In addition, companies have realized that as the number and scope of compliance requirements grow, the sheer complexity of assessing multi-regulatory compliance across a large number of overlapping controls becomes difficult, if not impossible, to test and manage.

The Solution – Risk and Compliance Resiliency

Using the Agiliance IT-GRC 3.0 Common Control Framework, control-based frameworks such as ISO 17799/27001, COBIT and NIST, together with industry regulations and mandates, are mapped to a single common set of IT controls and security policies for the organization.

Common Control Framework Flowchart

The result is a powerful engine for ensuring:

  • Elimination of the silo-based approach to IT compliance.
  • Dramatic cost reduction for testing, mitigation, reporting, and monitoring; each compliance cycle results in lower operating costs due to ongoing increases in efficiencies.
  • Decreased time-to-compliance with an off-the-shelf common controls library containing built-in content providing customers a flying start in identifying required controls.
  • Controls are tested once and comply with all regulations simultaneously.
  • Automatic updates of controls and regulatory requirements as needed.

“If the SEC is one of 370 regulators for a global bank - to approach each regulatory program individually would eat up all the profits. As regulatory regimes proliferate, a comprehensive compliance program keeps regulations from depressing earnings.”
- Gartner