Compliance Mapper Capabilities and Benefits

Methodologies Built into Compliance Mapper

  • Privacy compliance (inc. ISO 29100)
  • CyberSecurity (NIST CyberSecurity Framework, NYDFS, FINRA, PAS 555, CIS Controls, G7 Fundamental Elements of CyberSecurity for the Financial Sector and SEC CyberSecurity Guidelines)
  • Financial Services (banking) alignment and compliance
  • Healthcare compliance (HIPAA)
  • Policy Gap Analysis (mapped to specific control libraries and regulatory requirements)
  • Sarbanes-Oxley compliance
  • IT and Enterprise Security Process Model
  • Payment Card Industry compliance (PCI/DSS)
  • Smart Grid – NIST alignment and compliance
  • Corporate Governance models
  • IT Governance models
  • Security Governance models
  • Business Continuity Models
  • Business Impact Analysis (BIA)
  • Gap Assessments/Second Party Assessments model
  • Projects for International standards implementations ISO 27001/ISO 20000/ISO 22301/ISO 31000/ISO 17025/ISO 9001/ISO 14001/BS OHSAS 18001/ISO 45001 – ISO 27017 and ISO 27018
  • Risk Management and Assessment models including inherent risk
  • NIST and Federal requirements models based on NIST 800-53
  • Model for Utilities and Telecom NERC CIP compliance
  • Data Vault Modeling
  • Vendor Management and Resilience
  • Compliance Management based on ISO 19600
  • Software Asset Management
  • Secure Development Lifecycle (SDL)
  • Content Alerting
  • Regulatory Change Management
  • Interface to IBM OpenPages
  • Extensive Mappings from Policies/Processes providing line of sight across multiple regulatory frameworks

Questions Compliance Mapper Will Answer:

  • Does your organization manage compliance and regulatory requirements with multiple documents stored in different locations or do you rely on the undocumented knowledge of a few resources? (Policy and Document Management)
  • Does your organization need to comply with multiple regulations, standards and best practices? (Compliance Management)
  • Do you have a strategy that includes risk models and continuous assessments to ensure compliance? (Risk Management)
  • Is your organization currently compliant and up to date? (Audit Management)
  • How do you link these to policies and procedures?
  • If you turn off a control or add new infrastructure, do you know what effect it has on other regulations and standards?
  • Have you implemented controls that had no business value but ended up costing the organization money?
  • Can you reference the latest documents?

Compliance Assessments & Combined Streamlined Reports Have Many Benefits

  • Insight into multiple overlapping regulations
  • Proof of compliance to auditors and executives
  • Faster completion of audit and administrative work
  • Helps to prioritize and target areas of unique risk for department managers
  • Identifies and highlights critical issues that need immediate attention
  • Enhances workflow and enforcement of remediation efforts