INTEGRATED COMPLIANCE AND AN INTRODUCTION TO THE CONTROLCASE ONE AUDIT™ BOOTCAMP
YOUR IT COMPLIANCE PARTNER
GO BEYOND THE CHECKLIST
Our Speakers
KISHOR VASWANI, Chief Strategy Officer, ControlCase
ED AMOROSO, Founder and CEO, TAG Cyber
© ControlCase. All Rights Reserved. 2
Introduction
TAG Cyber is a trusted cyber security research analyst firm, providing unbiased industry insights and recommendations to security solution providers and Fortune 100 enterprises. Founded in 2016 by Dr. Edward Amoroso, former SVP/CSO of AT&T, the company bucks the trend of pay-for-play research by offering in-depth research, market analysis, consulting, and personalized content based on hundreds of engagements with clients and non-clients alike—all from a former practitioner perspective.
ControlCase is a global provider of certification, cyber security and continuous compliance services. ControlCase is committed to empowering organizations to develop and deploy strategic information security and compliance programs that are simplified, cost effective and comprehensive in both on-premise and cloud environments. ControlCase offers certifications and a broad spectrum of cyber security services that meet the needs of companies required to certify to PCI DSS, HITRUST, SOC 2 Type II, ISO 27001, PCI PIN, PCI P2PE, PCI TSP, PA DSS, CSA STAR, HIPAA, GDPR, SWIFT and FedRAMP.
ControlCase One Audit™ Bootcamp
Register free at www.controlcase.com/courses
2-hours, on-demand
The Bootcamp introduces the concept of achieving multiple certifications at once, called “One Audit”, via our proprietary compliance process, resulting in significant savings and efficiencies.
Agenda
1. ControlCase Introduction
2. Challenges Of Multiple Compliance Standards
3. Advantages Of A Single Compliance Framework
4. Using Common Domains And References
5. Unified Evidence Processing
6. Establishing A Program Of On-going Compliance
7. Introduction to the ControlCase One Audit™ Bootcamp
1. CONTROLCASE INTRODUCTION
ControlCase Snapshot
CERTIFICATION AND CONTINUOUS COMPLIANCE SERVICES
Go beyond the auditor’s checklist to:
Dramatically cut the time, cost and burden from becoming certified and maintaining IT compliance.
• Demonstrate compliance more efficiently
and cost effectively (cost certainty)
• Improve efficiencies
⁃ Do more with fewer resources and gain compliance peace of mind
• Free up your internal resources to focus
on their priorities
• Offload much of the compliance burden to
a trusted compliance partner
1,000+ 275+
10,000+
CLIENTS IT SECURITY
CERTIFICATIONS
SECURITY
EXPERTS
Solution
Certification and Continuous Compliance Services
“I’ve worked on both sides of auditing. I have not seen any other firm deliver the same product and service with the same value. No other firm provides that continuous improvement and the level of detail and responsiveness.”
— Security and Compliance Manager, Data Center
Certification Services
• PCI DSS
• ISO 27001-2
• SOC 1, 2, 3, & Cybersecurity
• HITRUST CSF
• HIPAA
• PCI P2PE
• GDPR
• NIST 800-53
• PCI PIN
• PCI PA-DSS
• FISMA
• PCI 3DS
“You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business.”
— Sr. Director, Information Risk & Compliance, Large Merchant
ControlCase Compliance Hub®
2. CHALLENGES OF MULTIPLE COMPLIANCE STANDARDS
Challenges of Multiple Compliance Standards
PCI DSS
• PCI DSS Language
• PCI DSS References
• PCI DSS Process
HIPAA
• HIPAA Language
• HIPAA References
• HIPAA Process
SOC2
• SOC2 Language
• SOC2 References
• SOC2 Process
ISO 27001
• ISO Language
• ISO References
• ISO Process
ENTERPRISE SECURITY AND COMPLIANCE TEAM
• Support PCI DSS
• Support HIPAA
• Support SOC2
• Support ISO
Supporting Multiple Compliance Standards
• FRAMEWORK TRAINING
Security teams must be trained on each of the compliance standards.
• DOCUMENTATION
Compliance documentation will vary between standards.
• PLATFORM TOOLING
GRC platform tooling must include support for all frameworks.
• ASSESSMENT FEES
Pre and post assessments are required for each standard.
• STANDARD MAINTENANCE
Security teams must track changes in standards.
3. ADVANTAGES OF A SINGLE COMPLIANCE FRAMEWORK
Advantages of a Single Compliance Framework
Streamlined Compliance Support
1 COMPLIANCE FRAMEWORK
Language / References / Process
ENTERPRISE SECURITY AND COMPLIANCE TEAM
• Support PCI DSS
• Support HIPAA
• Support SOC2
• Support ISO
Supporting a Single Compliance Framework
• FRAMEWORK TRAINING
Security teams must be trained on 1 framework.
• DOCUMENTATION
Compliance documentation is simplified to 1 format.
• PLATFORM TOOLING
Compliance platform tooling can be greatly reduced.
• ASSESSMENT FEES
Pre and post assessments can focus on a single framework (e.g., questionnaire).
• STANDARD MAINTENANCE
Teams no longer need to track changes in all standards.
4. USING COMMON DOMAINS AND REFERENCES
Using Common Domains and References
TERMINOLOGY
Common references are required to ensure consistency across all compliance activity.
Examples:
• Asset
• Attackers
• Availability
• Confidentiality
• Control
• Function
• Incident
• Integrity
• Policy
• Security Goal
• Stakeholder
• Threat
• Vulnerability
DEFINITIONS
Common explanations are required to avoid gaps in interpretation between different compliance tasks.
CONCEPTUAL MODEL
Compliance teams must maintain a common underlying conceptual model of how data is collected, generated, processed, stored, and shared.
5. UNIFIED EVIDENCE PROCESSING
Accurate Collection of Control Evidence
Definition
Controls are those functional, procedural, or policy-based mechanisms that ensure proper operation with desired framework requirements.
Identification of controls for security and privacy can be performed in multiple ways:
• DOCUMENTS: Use of documented functions, procedures, and policies.
• DISCUSSIONS: Use of discussions with principals and practitioners.
• SYSTEM SCANNING: Use of automated control discovery tools.
• SECURITY MANAGEMENT: Use of log review and other security procedures.
On-Going Reference Mapping to Frameworks
Definition
A mapping, in the context of security and privacy, involves establishing a relationship between a control and the corresponding framework requirements.
Framework mappings can be performed for security and privacy frameworks in multiple ways:
• MANUAL: Humans can use spreadsheets and other tools to perform mappings
• AUTOMATED: Platforms can relate controls to framework requirements
• CONTINUOUS: Automation enables continuous compliance mappings
6. ESTABLISHING A PROGRAM OF ON-GOING COMPLIANCE
Cost and Time Savings
NORMAL TIME SPENT BY CUSTOMER ON COMPLIANCE & CERTIFICATION (OF 1 ENVIRONMENT WITH 4 PARALLEL CERTIFICATIONS)
                                 | PCI DSS  | ISO 27001 | SOC2     | HIPAA    | TOTAL
Compliance / Evidence Collection | 400 hrs. | 400 hrs.  | 400 hrs. | 400 hrs. | 1,600 hrs.
Certification Support            | 150 hrs. | 150 hrs.  | 150 hrs. | 150 hrs. | 600 hrs.
EVIDENCE COLLECTION & COMPLIANCE TOTAL
• Time Saved through ControlCase Multi-Regulation Mapping/One Audit™: 900 hrs.
• Time Saved through ControlCase Automation: 350 hrs.
• Total time spent on evidence collection by using another auditor: 1,600 hrs.
• Total time spent on evidence collection partnering with ControlCase: 350 hrs.
CERTIFICATION SUPPORT TOTAL
• Total time spent on certification support using another auditor: 600 hrs.
• Total time spent on certification support partnering with ControlCase: 600 hrs.
TOTAL TIME SPENT ON COMPLIANCE & CERTIFICATION USING ANOTHER AUDITOR: 2,200 hrs.*
TOTAL TIME SPENT ON COMPLIANCE & CERTIFICATION IN AWS BY PARTNERING WITH CONTROLCASE: 950 hrs.*
TOTAL TIME SAVED ON COMPLIANCE & CERTIFICATION BY PARTNERING WITH CONTROLCASE: 1,250 hrs.*
* Based on 1 environment with 4 parallel certifications (PCI, ISO, SOC2, HIPAA).
One Audit™ Approach and Timeline
[Timeline figure: MONTH 1 to 6; Regulation 1, Regulation 2]
• Consolidated Pre-Assessment: Pre-assessment of regulations using the ControlCase Compliance Hub® platform and Integrated Questionnaires.
• Real-time Progress Reports and Management Dashboards
• Audit Report or Attestation of Compliance
Approach and Timeline per Regulation
PCI DSS, ISO 27001, SOC 2, HIPAA
• Condensed Audit Questions: 250+ Questions reduced to less than 99
• Iterative Approach: Partnering with you to get it done
• Timely Results: Average delivery cycle of 3 months
• Compliance Attestation: Sealed, signed, and delivered service
• Ongoing Monitoring: Makes compliance business as usual
[Timeline figure: YEAR 1, YEAR 2, YEAR 3]
• Onsite Audit (2-5 days)
• Onsite Audit (1-3 days)
• Certificate Issued
• Surveillance Audit (1-3 days)
• Surveillance Audit (1-3 days)
• Mandatory 10 days between Stage 1 & 2 Audit
[Process figure]
• Kick-off Call w/ Intro Scoping
• Accept — Pass
• 50% Evidence Upload
• Accept — Pass
• 100% Evidence Upload
• Accept — Pass
• CPA Evidence Review
• Final Assertion and Management Representation Letters and SOC 2 Report Delivery
[Process figure]
• Technical Evidence Collection Kickoff
• Policy and Procedure Review
• Iterative Review, Remediation Support and Assessment
• Documentation and Report Delivery
Certification Process (After Passing Compliance)
• PCI DSS
• HIPAA
• ISO 27001
• SOC2 TYPE 2
7. CONTROLCASE ONE AUDIT™ BOOTCAMP INTRODUCTION
ControlCase One Audit™ Bootcamp
https://www.controlcase.com/courses/one-audit-bootcamp/
ASSESS ONCE, COMPLY TO MANY: PCI DSS, HIPAA, SOC2, & ISO 27001
ControlCase has pioneered a strategy to streamline compliance by creating a set of common domains and references
for evidence collection and processing to optimize productivity. This course is an introduction to that strategy.
OVERVIEW:
This 2-hour on-demand course is geared toward IT professionals and is appropriate for many practitioner roles.
The delivery of this self-paced course includes video lectures, real audit question demonstrations, and knowledge check
questions throughout, with a certificate document provided at the conclusion of the course.
THIS COURSE WILL:
• Familiarize you with common IT Security Standards: PCI DSS, HIPAA, SOC 2 & ISO 27001.
• Explain at a high level the concept of integrated compliance.
• Show you an overview of the One Audit™ Process.
• Walk you through specific examples of questions that have been mapped to multiple standards.
• On completion of the course, you will receive a One Audit™ Certificate of course completion.
THANK YOU FOR THE OPPORTUNITY
TO CONTRIBUTE TO YOUR IT
COMPLIANCE PROGRAM.
www.controlcase.com
contact@controlcase.com
ControlCase One Audit Bootcamp™ Registration
Schedule Compliance Discussion

Editor's Notes

  • #8 Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.