IT Control Framework
As organizations are facing greater levels of compliance regulation, many are adopting a standards-based approach to compliance management. Embracing a comprehensive control framework provides best practice recommendations on information security management and provides a level of confidence that the organization is addressing most, if not all, compliance mandates.
IT control frameworks or standards commonly include COBIT (Control Objectives for Information and Related Technology); ISO1779, an information security standard published by the International Organization for Standardization; and the NIST (National Institute of Standards and Technology) framework.
Rsam for Standards-Based Compliance Assessment
Rsam takes aspects of each standard and converts them into measurable controls that can be further customized to meet the specific needs of any organization. Rsam works by organizing the assessment into manageable and logical groups within the organizational hierarchy. Rsam aggregates assessment responses for each grouping, measures them against the selected standard, performs scoring, and identifies gaps. Once gaps and compliance violations are known, the Rsam Issue & Remediation module automates the remediation process. Dashboards provide constant progress updates, and pre-built reports provide detailed and high-level views of the organization's compliance status.
While a standards-based compliance approach can be a daunting undertaking, compliance professionals recognize that automating the process with a scalable and effective GRC tool can make it more manageable. The Rsam solution for standards-based compliance helps organizations: