Record requests, Capture events, Analyze results and trends. Prioritize based in facts and finding.

Transcription

1 Facilitated Compliance Management How vast is Your Universe? Compliance is a universe of constraints enforcing business and technology practice aligned to minimally acceptable product, service and financial benchmarks, consumer and citizen safety, and continuous availability of critical resource as mandated by US and World Governments. Considerations for HIPAA, the USA Patriot Act, Graham, FISMA/ egovernment, OMB Circulars (various, such as A 119 and A 130), Executive Directives, DCIDs can't be limited to government, federal and financial programs. Businesses work in tandem, weaving regulatory issues via ecommerce, outsourcing and third party services, such that any law has implications for across multiple industries and business classifications. Laws like the Clinger Cohen Act, the Paper Reduction Act, Basel I and II European Union privacy laws and Safe Harbor Principles California Security Breach Notice Law as well as emerging bills with similar guidelines SEC rule17a 4, NARA regulations for federal records management, SEC CFR 17 Rule no affecting Clearing Corporations, the National Strategy to Secure Cyberspace and many associated Public Laws and Government guidelines (especially those affecting Security programs and implementation of appropriate standards such as various FIPS) are all a part of our audit universe. The PB&SP toolbox is a list of applications and industry tools, with special attention to the better companies and materials, as found most successfully implemented among our clients. Record requests, Capture events, Analyze results and trends Prioritize based in facts and finding. Once you have the processes down, you are ready to build or buy, leverage and automate, Define, Measure, Manage and Control your unique Audit Universe

2

3 Source Alignment Facilitates Common Use based in understanding of regulations frameworks standards mandates and business requirements

4 Aligning the Audit Universe Be It COBIT ITIL COSO FISCAM NIST PCI/VISA BS7799:2 or ISO/IEC 17799:2005

5 The Harmonization of Standards allows for individualized selections

6 By understanding the Process Architecture

7 Audit Planning and oversight is able to align process owners to audit events... specific to industry defined business and technology controls

8

9 Control Self Assessment is facilitated so that any employee can easily search, report on and track their assigned high level and detail controls. The end user can add any known industry standard and can also add controls of their own control activities. FCM is about facilitating your requirements.

10

11 The IT Manager and Auditor can work as a team to assure that

12 Job Descriptions match industry approved roles and accountability

13 Problems are easily identified, evaluated for impact, reported and resolved

14 Facilitating compliance knows that teams need tools. Whether you bye or build, FCM provides "stop the bleeding" interfaces. Microsoft Access and SQL back end prototypes will manage up to the first thousand records, giving teams the time to refine their process, document requirements, build the ERD and determine their own validated automated best practice Providing IT Teams with the process and method to track evidence of control over all forms of IT Service events

15 Tracking Risk

16

17 Manage Change

18

19 Manage Requests in all areas of IT Service Management

20

21 The service driven architecture knows that service catalogues are a mandate. As old and true as the mainframe and Pascal, the RunBook proves we can keep services running. Documenting procedures by IT Service, RunBook is a catalogue of all running processes

22 RunBooks gather background from the Configuration ITEMS (CIs) in the controlled assets back end

23 Facilitate a working model for your unique organization's CMDB Speak those precious words "There is only one configuration"

24 (based in known standards for OS, Application and hardware)

25

26 Standard applications align to business profiles for standard desktop and server builds

27 Build procedures are clear and routine

28

29

30 Glossaries Data Dictionaries Reports and Event Management

31

32 Reports Reports Reports Visio Integration and Complete Compliance Audit Readiness

33 SAS70 and COBIT /COSO/ FISMA and SOX aligned audit reporting Put all the results into their appropriate place, as a risk or a planned event and you have...

34 Record requests, Capture events, Analyze results and trends Prioritize based in facts and finding. Once you have the processes down, you are ready to build or buy, leverage and automate, Define, Measure, Manage and Control your very own Audit Universe