As an ordinary part of business, customers, government, regulatory bodies and industry associations often place requirements on businesses that call for implementing a process which meets those requirements in an ongoing and demonstrable manner. In addition, businesses commonly face a variety of similar requirements that overlap or conflict with one another, making it difficult to determine the best way to address them. We can help you design, build and manage your compliance program.
Some of the common requirements that we see imposed on our customers are as follows:
- SSAE 16 / SOC 1
- SOC 2
- State Privacy Laws
- Customer Imposed Requirements
Navigating each of these requirements can be daunting and time-consuming when it is not something you work with on a day-to-day basis. It may also not be cost-effective for your business to delegate these tasks to employees who would rather focus on growing your business’s products and services. In many cases, outsourcing the management of your compliance program is both cost-effective and stress-relieving. Over the years, we have built numerous Compliance Management programs tailored to our clients’ current needs as well as to their planned growth.
Accordingly, our approach to building Compliance Management programs is relatively straightforward and has one primary goal: making our clients’ lives easier. The three phases of our approach are:
- Our initial consultation allows us to gain a high-level understanding of our clients’ business and compliance needs. This includes a few questions to gauge the relative maturity of the processes used to perform compliance functions.
- The next step in our process is to perform a deeper dive (typically by traveling to our clients’ location) to get a full understanding of their business processes and to see actual evidence of the current state of the environment.
- To conclude this phase, we develop a road map of processes to implement, improve or better document in order to reach our clients’ compliance goals.
- Here we focus on assisting with the implementation items that are identified on our road map from the previous phase. We offer a level of assistance that matches our clients’ needs, as some clients just want to be guided while others need us to take care of everything on their behalf.
- The first item we usually address is implementing (or improving existing) Policies, Procedures and Standards. These documents provide the framework for the Compliance Management program and set the tone for the overall program implementation. During the initial review of these documents, there is often a dialogue to identify the best way to meet our clients’ compliance requirements while allowing them to focus on their business without being overly burdened.
- We typically implement or improve the following processes:
  - Risk Assessment Processes
  - Logical Access and User Management Processes
  - Program Change Management Processes
  - Customer and Incident Management Processes
  - Vulnerability Identification and Remediation Processes
  - Security Training and Awareness Processes
  - Vendor Compliance Management Processes
  - Security Monitoring Processes
  - SIEM Implementation
  - Penetration Testing
  - Change Monitoring Processes
- As part of the implementation of new processes, we will identify and train control owners and participants on their duties for the successful operation of the new process.
- Throughout implementation, many aspects of the program require ongoing attention and monitoring:
  - Confirmation that procedures are followed and well documented.
  - For client-operated processes, we monitor the processes to confirm that they are functioning as designed.
- In addition, when our clients undergo an audit, we can act as the primary interface and liaison to the auditor so they can continue running their business. As former auditors, we can handle the audit process efficiently and effectively, so our clients can rest easy.
- One of the best ways to maintain a compliance management program is to make use of a Governance, Risk and Compliance (GRC) tool. We partner with Eramba to provide this GRC platform.
To learn more about our Compliance Management Programs, please Contact Us!