Compliance Management
Strategy | Governance | Improvement
The compliance management consists of the central control library, which serves as the basis for audits and assessments, as well as for templates. The centrally managed control library of 360inControl® consists of comprehensive best practice controls aligned with the following standards and frameworks. So you can start directly.
The best practice controls include requirements from the following standards:
- ISO 9001
- ISO 27001 / ISO 27002 / ISO 27005
- ISO 22301 Security and resilience – Business Continuity Management systems
- COBIT
- CIS Controls
- ITIL
- PCI DSS
- AICPA TSP (SOC Reporting)
- Transparency International – Business Principles for Countering Bribary
- General Data Protection (GDPR)
- HIPAA Standard Reference Table
With the intelligent filter functionality, a wide variety of use cases can be created in a few seconds.
Example for integrated Use Cases:
- Vendor assessments (with dedicated access)
- Mergers & Acquisitions
- Self-assessments for organizations, projects, data protection evaluation etc.
- Recurring assessments (e. g. for regular access authorization)
- Preparation for any kind of certification
- Internal and external audits
- …more
The control library can be extended with company-specific controls, additional frameworks or existing controls can be easily adapted. Controls can be defined with maturity levels according to CMMI.
Upload of company specific standards/controls
For example:
- TISAX (Trusted Information Security Assessment Exchange)
- ISO Standards
- SCF | Secure Controls Framework
- …more
360inControl® and the SCF Framework – The powerful combination!
The SCF is a metaframework – a framework of frameworks.
The SCF has the ambitious goal of providing free cybersecurity and privacy control guidance to cover organizations’ strategic, operational, and tactical needs, regardless of their size, industry, or country of origin.
The SCF team has identified and analyzed over 100 legal, regulatory, and contractual frameworks. Controls within SCF include references to the respective standards.
The SCF is designed to empower organizations to design, implement and manage both cybersecurity and privacy principles to address strategic, operational and tactical guidance. It is far more than building for compliance – we know that if you build-in security and privacy principles, complying with statutory, regulatory and contractual obligations will come naturally.
Contact us and we will provide the controls relevant to you from the SCF framework in 360inControl®.
CISS LTD is an official licensee of the BSI IT-Grundschutz
Within a short time, we can provide you with BSI IT-Grundschutz in your 360inControl® account. The licensing of the BSI IT-Grundschutz is done via 360inControl®.
The BSI IT-Grundschutz can be used in combination with the managed control library of 360inControl®. Thus, you can use the advantages of the managed control library with its defined use cases as well as the advantages of the BSI IT-Grundschutz for your company.
BSI IT-Grundschutz is a method, guide, recommendation, and self-help for public authorities, companies, and institutions to secure their data, systems, and information.
The holistic approach to information security is central: In addition to technical aspects, infrastructural, organizational, and personnel issues are considered. This enables a systematic approach to identify and implement necessary security measures. You can implement an information security management system (ISMS) based on BSI IT-Grundschutz.
BSI Standard 200-1 is compatible with ISO Standard 27001 and considers the recommendations of other ISO standards such as ISO 27002. The BSI standards are an elementary component of the BSI IT-Grundschutz methodology:
- 200-1 Management for Information Security (ISMS)
- 200-2 IT-Grundschutz-Methodik
- 200-3 Risk Management
- 200-4 Business Continuity Management
Key functionality of the integrated Audit and Assessment Module:
- Create, perform and manage audits and assessments
- Plan recurring audits and assessments
- Logical assignment of work packages for audit participants
- Easy template creation
- Integrated action management
- Instant reporting
The Compliance Management is connected with the following modules:
Audit & Assessment Management
Create audits/assessments and templates immediately from the control library.
Get in touch!
CISS LTD
Hollenweg 19 | 4105 Biel-Benken | Switzerland
info@360incontrol.ch
+41 44 585 12 25
