Controls assurance & compliance:
Don’t think — know your risk

It’s not enough to just have controls in place. Strong risk management
means knowing whether those controls are operationally effective.

What does ‘good’ look like?

A good controls assurance and compliance program results in controls remaining effective in delivering their objectives. In turn, businesses demonstrate compliance with policy, standards and regulations.

  • Risks are kept within tolerance by effective controls.
  • Compliance is effective, efficient and continuous.
  • Spending is optimized.
  • Investments are justified and comprehensible.
  • Decision-making regarding controls is risk-informed.
  • Risk management is integrated across multiple disciplines.

Datasheet

Controls assurance & compliance

Controls assurance is a crucial part of effective risk management. It provides evidence to management that mitigating controls have been designed effectively and are operating sufficiently within the tolerances set by management. STREAM provides quantifiable performance indicators, or metrics, against which targets can be set and measured. This is an effective way of determining a control’s effectiveness. STREAM also provides other assessment factors, such as ownership, reliability, evidence and documentation, that indicate whether the control is fit for purpose.

Processes and features

Controls assurance and compliance are ongoing processes, not one-time activities. Here are some of the steps involved in controls assurance and compliance using STREAM.

Assess the controls

Flexible and configurable schemes to assess and quantify the effectiveness of controls, including automatic assessment of linked controls.

Determine relevance

Make sure that the controls are effective as applied to business assets, including people, processes, technology and vendors.

Continuously monitor

Automatically import assessments and metrics data from third-party applications for continuous controls monitoring.

Generate reports on demand

Compliance reporting can be generated with pre-configured content and mappings for frameworks such as ISO 27001, GDPR, PCI-DSS and NIST, as well as uploads of custom policies and standards.

Accumulate evidence

Continually gather evidence to demonstrate your diligent, risk-based approach to compliance to minimize regulatory fines and reputational damage following a breach.

Establish accountability

Detail accountability for controls assurance and compliance with scheduling, tracking and workflow to address any control weaknesses.

Integrate controls assurance with other risk applications

Seamlessly integrate controls assurance and compliance with other applications — ineffective controls can signal higher risks while incidents can signal controls failures.

Plan controls investments based on ROI

Use ROI-based analysis and risk-based prioritization for controls investments and improvements.