Gartner Briefing Simple Compliance Manager Nu Opus


Published in: Business, Technology

  1. SIMPLE COMPLIANCE MANAGER BRIEFING
     Laney Dale - Managing Partner, NuOpus LLC
  2. Agenda
     • Company Overview
     • Simple Compliance Manager Overview
     • Market Positioning
     • Strategic Intent
  3. Company Overview
     • A Brief History
     • Ideals
     • Organizational Structure
  4. Company Overview – A Brief History
     The name NuOpus comes from the Latin word “opus”, which means “work”. An opus is also a musical work. NuOpus simply means new work and was chosen because of its artistic undertones. NuOpus LLC was founded in 2008 by Laney Dale with the intent to form a small, socially and environmentally focused software company that produced high quality tools for businesses. Laney Dale had previously formed the software company NewGenTek, which was sold in 2006. In June 2008, the rights to the software produced by NewGenTek reverted back to Laney Dale as the initial contract was nullified. During that period, Laney was searching for his next venture and, encouraged by other software entrepreneurs, he decided to get back into the software business.
  5. Company Overview - Ideals
     NuOpus is dedicated to being a company that does the right thing both in business and in our community. In 2007 founder Laney Dale moved from Los Angeles to Chapel Hill, North Carolina. Laney was struck by the sense of community and the focus on making the world a better place that was pervasive in the community. Ideals such as buying locally and producing green business reshaped his personal and business views. NuOpus is focused on bettering the local and global communities. NuOpus supports local businesses and people. Because of the economic downturn and sudden job losses, NuOpus has offered free certification exams and training to area residents. NuOpus is active in many charities, including providing meals to the homeless. NuOpus is a green company. Reducing our footprint on the earth is important. NuOpus is almost completely paperless and utilizes a virtual office environment to reduce energy usage. Additionally, working from home allows staff to enjoy a better work-life balance.
  6. Company Overview - Organizational Structure
     We are primarily a flat organization. Currently we are a small company of only seven. While Founder Laney Dale is technically the boss, he prefers to think of himself as the cup washer. “I met Bob Young of Red Hat and LuLu once and he described himself as the head cup washer. He said that his job was to support the staff that worked for him, and he could best do this by making sure they had what they need. That struck me and I instantly changed my view of my role,” said Laney Dale. We like to think of ourselves as a hive where everyone has a job to do and we all work to improve the hive as a whole.
  7. Simple Compliance Manager Overview
     • What is Simple Compliance Manager?
     • History of Simple Compliance Manager
     • In depth
       • User roles
       • The Workspace
       • Creating a review
       • Managing multiple regulations
       • Supporting documents
       • The Dashboard
  8. Simple Compliance Manager Overview - What is Simple Compliance Manager?
     Simple Compliance Manager is a compliance management tool designed by auditors for auditors. SCM is provided as a SaaS solution and is the simplest to use tool of its kind on the market.
  9. Simple Compliance Manager Overview - What is Simple Compliance Manager?
     There are several GRC packages on the market. Most are designed from the viewpoint of the person managing a large governance project. Because of this, these tools tend to have great reporting for executives but are tedious and difficult to use. We took the approach that the tool should help and not hinder the in-the-trenches worker and still provide executives with the data they need to make decisions. This led us to start by designing the work paper, which is where most of the work is done, and the rest grew from that.
  10. Simple Compliance Manager Overview - History of Simple Compliance Manager
     SCM began as a tool used internally to manage multiple documents for a very large Sarbanes-Oxley review. Initially the application had only three pages and allowed auditors to work and the manager to see what passed and failed. Over the next six months many features were added, and clients who saw the product asked to buy it. Laney Dale formed NewGenTek and began selling the RCS system. Initially small CPA firms were targeted, and many firms like the easy-to-use interface. The initial development was all Windows-based, and when the product was redesigned by NuOpus a decision was made to move to all open source products. At this time many of the pure GRC features were removed and a focus on the process of creating and managing reviews was initiated.
  11. Simple Compliance Manager Overview - In depth
     SCM is a SaaS solution built on LAMP technologies, specifically:
     • Red Hat Linux Fedora 8
     • Apache 2
     • MySQL 5
     • PHP 5
     We chose an open source solution for several reasons, including our fondness for open source and the fact that it would allow us to reduce costs and meet the needs of smaller markets.
  12. Simple Compliance Manager Overview - In depth - User roles
     SCM provides access to data based on user roles. The following user roles are available:
     • Administrator
     • Reviewer
     • Control Owner
     • Executive Owner
     • External Reviewer
  13. Simple Compliance Manager Overview - In depth - User roles
     Administrators have full system access. This role is designed for users that need to administer the system.
     Reviewers are the standard user. Reviewers can create reviews and complete tasks.
     Control Owners are users that are defined in a review as a control owner. Control owners can assign tasks and manage the control itself in a review. Only the control owner can update control information such as:
     • Risk level
     • XCIDs
     • Control description
     • etc.
     The Executive Owner is an optional role at the review level. The Executive Owner can see reviews he owns and must approve the closing of the review and provide sign off.
     The External Reviewer is a read-only role that can be assigned at the work paper level and is used to provide access to data for external auditors.
  14. Simple Compliance Manager Overview - In depth - The Workspace
     When users log in they are presented with a workspace. The workspace provides details about tasks that need to be completed. The workspace is dynamic, and the data shown depends on the user's access role.
  15. Simple Compliance Manager Overview - In depth - The Workspace
     In addition to the main workspace, reviewers are presented with a second workspace focused on completing tasks and work paper management. This workspace allows the reviewer to move between work tasks more easily.
  16. Simple Compliance Manager Overview - In depth – Creating a review
     There are several ways to create a review:
     • Create a Quick Review
     • Create a review from a previous review
     • Create a review from a list of all controls
     Ideally users create quick reviews for all regular reviews to simplify the process.
     Quick Reviews: Quick reviews are preset reviews. SCM comes with several quick reviews that cover common reviews such as:
     • General Information Security Review
     • SAP ITGC Review
     • Etc.
  17. Simple Compliance Manager Overview - In depth – Creating a review
     Creating a review from a previous review copies all controls, work papers, and settings from a review that had been completed in the past. This allows the user to quickly create recurring reviews and save time. To further save time, control descriptions are inserted as well. No testing information is inserted. When one-off or other reviews are necessary, a review can be created by choosing controls from the entire control list.
  18. Simple Compliance Manager Overview - In depth – Managing multiple regulations
     One of the most daunting tasks for organizations that have to comply with multiple regulations is reducing the amount of work they do and tracking compliance across the multiple regulations. SCM has several tools to solve these problems. Every control is assigned a Master Control ID (MCID). In addition, users can assign Cross Reference Control IDs (XCIDs) to the same control. XCIDs are tied to a specific compliance effort to build compliance maps. These XCIDs are used by the compliance correlation engine to minimize work. This is accomplished in several ways. First, when a new review is initiated, any controls that have been tested and passed in any review within a preset period will be flagged. The administrator can view the previous work paper and, if appropriate, can use that work paper for the review being created. The second efficiency occurs in reporting. SCM provides reports that list controls and which regulations they apply to as well. Specifically, SCM uses this to identify areas with the greatest crossover to allow managers to focus on key areas.
  19. Simple Compliance Manager Overview - In depth - Supporting documents
     SCM supports attaching documents or evidence to work papers. In addition to attaching new evidence to a work paper, SCM also supports attaching previously used documents. When adding evidence, a list of all evidence previously associated with that MCID and the date it was attached is presented. This is useful for documents such as policies that do not change often. Additionally, it allows testers to review previous evidence to detect changes.
  20. Simple Compliance Manager Overview - In depth - The dashboard
     The dashboard is designed for managers to quickly see what their compliance environment looks like and drill into data down to the lowest level if necessary. Users are presented with information that shows:
     • How many controls (MCIDs) are used
     • How many MCIDs are currently being reviewed
     • The overall historical percentages of passes and failures
     • Links to Site reports and Remediation
  21. Market Positioning
     • Assessment of business issues
     • Product Category
     • Competitive position
     • Target markets
     • Go-to-market strategy
     • Points of differentiation
  22. Market Positioning - Assessment of business issues
     Many small and medium size businesses could benefit from a tool that would manage their compliance efforts, but cannot afford the larger tools or just do not need most of the features available. Additionally, organizations that must comply with multiple regulations and standards end up duplicating work and would benefit from a tool that could correlate compliance efforts and reduce work.
  23. Market Positioning - Product category
     Simple Compliance Manager is a compliance management tool designed by auditors and security professionals for auditors and security professionals. Simple Compliance Manager falls into the same category as other GRC tools, but is designed for the in-the-trenches worker as opposed to management. While the “Compliance Correlation” engine simplifies the management of compliance efforts, the tool focuses on the review level as opposed to the governance level.
  24. Market Positioning - Competitive position
     Simple Compliance Manager is positioned as the simpler, faster compliance tool. SCM comes with a very extensive control and test catalog and, when combined with the easiest to set up reviews, it makes the tool the simplest and fastest tool to use on the market. Users can create a new review in under 30 seconds and begin testing immediately. The built-in reviews and detailed testing plans allow inexperienced staff members to competently perform reviews. We are constantly asking people what they like and do not like about both our tool and our competitors. The one thing we noted about our competitors was that users said that creating a review was cumbersome. This led us to develop methods for creating quick reviews.
  25. Market Positioning - Target markets
     Simple Compliance Manager targets small to midsized organizations, ideally organizations with smaller or non-existent audit groups. Our pricing reflects these markets as well. Our customers are going to be less concerned with overall governance of large compliance programs and more concerned with the actual work of compliance. We have several small CPA firms that use our product and find that it saves them a tremendous amount of time and simplifies the management of many different reviews or audits simultaneously.
  26. Market Positioning - Go-to-market strategy
     We rely on a direct sales strategy for Simple Compliance Manager. We use a combination of advertising via online resources and direct sales calls to drive interest. When a customer is interested they can come to the website, set up a trial and then begin using the product.
  27. Market Positioning - Points of differentiation
     Simple Compliance Manager differentiates itself from the competition in several ways. The first is its ease of use. SCM is designed from the ground up to be very simple to use. Typically only about ten minutes of training is required for users. Pricing is another differentiator. Our flat pricing model makes the tool accessible to every organization. SCM is built on a proprietary “compliance correlation” engine. This allows us to reduce duplicate work. If a control or test applies to multiple regulations, SCM will alert users to the possible duplicate work and allow them to import the previous test results rather than reproduce the testing. Additionally, a control's history can be presented and reported on to identify recurring weak points and reduce failure rates. Another tool unique to SCM is the support pages. Support pages are attached to individual tests and can display any data the user would like. In some cases, the support pages can be used to automate testing and data gathering for items such as user lists and system configurations.
  28. Support Page Screen Shot
  29. Strategic Intent
     • The future of NuOpus
     • Future growth
     • Investment strategy
  30. Strategic Intent - The future of NuOpus
     Over the next three years we plan to focus on our current product offerings. As a company we will focus on expanding our non-business ventures and charity work. Our focus is on building a company that we are proud to be a part of and a place we look forward to going to.
  31. NuOpus LLC
     761 Airport rd #107, Chapel Hill, NC 27514, 919-975-2500
  32. Strategic Intent - Future growth
     Our goal is to remain a small organization because we feel that keeping it small will allow us to maintain our culture. We will grow when necessary but plan to never grow beyond thirty employees. We will grow the business organically when necessary and leverage strategic partnerships and channel sales for many of our products. FedComp, our Medicare compliance tool, will rely primarily on channel sales, for instance.
  33. Strategic Intent - Investment strategy
     NuOpus has two primary investments: our people and our community. We invest in our employees by encouraging a better work-life balance and providing profit sharing opportunities. We invest in our community through charity work and by being involved in and utilizing the local businesses.
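
The MCID/XCID correlation described on the "Managing multiple regulations" slide can be sketched as follows. This is an added example, not NuOpus code: the class and function names, the sample IDs and the rule that a later failure cancels an earlier pass are all assumptions made here.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import date, timedelta

@dataclass
class Control:
    mcid: str                                   # Master Control ID
    xcids: dict = field(default_factory=dict)   # regulation -> XCID

@dataclass
class WorkPaper:
    mcid: str
    review: str
    tested_on: date
    passed: bool

def reusable_work(mcids, history, today, window_days):
    """Flag controls whose most recent test inside the window passed.
    Assumption (not from the deck): a later failure cancels an earlier pass."""
    cutoff = today - timedelta(days=window_days)
    latest = {}
    for wp in history:
        if wp.mcid in mcids and wp.tested_on >= cutoff:
            if wp.mcid not in latest or wp.tested_on > latest[wp.mcid].tested_on:
                latest[wp.mcid] = wp
    return {m: wp for m, wp in latest.items() if wp.passed}

def crossover(controls):
    """Count controls shared by each pair of regulations (the compliance map)."""
    pairs = defaultdict(int)
    for c in controls:
        regs = sorted(c.xcids)
        for i, a in enumerate(regs):
            for b in regs[i + 1:]:
                pairs[(a, b)] += 1
    return dict(pairs)

# Constructed sample data; every ID and review name below is made up.
CONTROLS = [
    Control("MC-001", {"SOX": "SOX-AC-1", "PCI": "PCI-7.1"}),
    Control("MC-002", {"SOX": "SOX-CM-3"}),
    Control("MC-003", {"SOX": "SOX-AC-4", "PCI": "PCI-8.2", "HIPAA": "HIP-312a"}),
]
HISTORY = [
    WorkPaper("MC-001", "2023 SOX", date(2023, 11, 1), True),
    WorkPaper("MC-003", "2023 SOX", date(2023, 11, 1), True),
    WorkPaper("MC-003", "2024 PCI", date(2024, 2, 1), False),  # later failure
    WorkPaper("MC-002", "2022 SOX", date(2022, 5, 1), True),   # outside window
]

if __name__ == "__main__":
    wanted = {c.mcid for c in CONTROLS}
    for mcid, wp in reusable_work(wanted, HISTORY, date(2024, 3, 1), 180).items():
        print(f"{mcid}: reuse candidate from '{wp.review}' ({wp.tested_on})")
    print(crossover(CONTROLS))
```

The flagged work paper is only a candidate: as the slide states, the administrator still reviews it before accepting it into the new review.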