Controls assurance & compliance:
Don’t think — know your risk
It’s not enough to just have controls in place. Strong risk management
means knowing whether those controls are operationally effective.
What does ‘good’ look like?
A good controls assurance and compliance program results in controls remaining effective in delivering their objectives. In turn, businesses demonstrate compliance with policy, standards and regulations.
- Risks are kept within tolerance by effective controls.
- Compliance is effective, efficient and continuous.
- Spending is optimized.
- Investments are justified and comprehensible.
- Decision-making regarding controls is risk-informed.
- Risk management is integrated across multiple disciplines.
Datasheet
Controls assurance & compliance
Controls assurance is a crucial part of effective risk management. It provides evidence to management that mitigating controls have been designed effectively and are operating sufficiently within the tolerances set by management. STREAM provides quantifiable performance indicators or metrics against which targets can be set and measured. This is an effective way of determining a control’s effectiveness. STREAM provides other assessing factors, such as ownership, reliability, evidence and documentation, that indicate if the control is fit for purpose.
Processes and features
Controls assurance and compliance are ongoing processes, not one-time activities. Here are some of the steps involved in controls assurance and compliance using STREAM.
Assess the controls
Flexible and configurable schemes to assess and quantify the effectiveness of controls, including automatic assessment of linked controls.
Determine relevance
Make sure that the controls are effective as applied to business assets, including people, processes, technology and vendors.
Continuously monitor
Automatically import assessments and metrics data from third-party applications for continuous controls monitoring.
Generate reports on demand
Compliance reporting can be generated with pre-configured content and mappings for frameworks such as ISO 27001, GDPR, PCI-DSS and NIST, as well as uploads of custom policies and standards.
Accumulate evidence
Continually gather evidence to demonstrate your diligent, risk-based approach to compliance to minimize regulatory fines and reputational damage following a breach.
Establish accountability
Detail accountability for controls assurance and compliance with scheduling, tracking and workflow to address any control weaknesses.
Integrate controls assurance with other risk Applications
Seamlessly integrate controls assurance and compliance with other applications — ineffective controls can signal higher risks while incidents can signal controls failures.
Plan controls investments based on ROI
Use ROI-based analysis and risk-based prioritization for controls investments and improvements.