WHAT IS THE BUSINESS CHALLENGE?

Organizations without a Chief Information Security Officer (CISO) or an IT Security Manager typically also lack a comprehensive security risk management plan to address compliance. ITPG’s Compliance Gap Analysis Solutions drill down to each law’s compliance requirements, the security controls it requires, and the implementation of the needed safeguards. In essence, ITPG can help fulfill your compliance assessment initiatives.


To streamline our solutions offering, ITPG uses its proprietary information-gathering questionnaires and automated compliance tool checklists to verify and validate findings as part of the overall Compliance Gap Analysis and qualitative maturity posture assessment. These detailed questionnaires and checklists cover the following verticals and compliance laws:

WHO HAS TO MAINTAIN ANNUAL COMPLIANCE?

Industry Vertical              | Compliance Law or Standard | Compliance Scope/Checklist
-------------------------------|----------------------------|---------------------------------------------------------------------------
K-12 / Higher Education        | FERPA                      | FERPA Data Security Standard
Federal Government             | FISMA                      | FISMA IA Certification & Accreditation
Federal Government             | FedRAMP                    | Federal Risk and Authorization Management Program / Checklist
Federal Government – DoD       | DIACAP                     | DoD Information Assurance Certification and Accreditation Process
Financial (Banking/Insurance)  | GLBA                       | GLBA Privacy & Safeguard Rules / Checklist
Healthcare                     | HIPAA                      | HIPAA Security Rule, Privacy Rule, & Business Plans / Checklist
Retail / e-Commerce / Other    | PCI DSS                    | PCI DSS Merchant / Service Provider SAQ – A/B/C/D
Publicly Traded Company        | SOX                        | SOX – Section 303 & Section 404 – Security Controls & Safeguards / Checklist
WHY MUST YOUR ORGANIZATION MAINTAIN ANNUAL COMPLIANCE?

Recent compliance laws and standards mandate that organizations in many verticals maintain annual compliance. An annual compliance gap analysis therefore serves as a road map that defines the scope of your organization’s security risk assessment.


Many organizations opt to perform a high-level compliance gap analysis first, as a precursor to a full security risk assessment. Some of the business challenges facing both private-sector and public-sector organizations include:

  • Lacking stringent configuration change management procedures, which makes it difficult to identify which elements must be assessed to determine whether compliance requirements are affected
  • Maintaining annual compliance as a burden that typically requires a crisis mode of operation and support from all IT and IT security personnel to meet the annual deadline
  • Identifying and prioritizing the gaps found that require remediation to mitigate high-risk exposure
  • Budgeting CAPEX and OPEX to remediate the risks, threats, and vulnerabilities that contribute to the IT infrastructure’s non-compliance
  • Ensuring that the organization’s workforce has been properly trained on organizational policies, operational procedures, and security awareness to maintain a tight security baseline definition

HOW DOES ITPG’S COMPLIANCE GAP ANALYSIS HELP YOU?

  • Break down the complexity of compliance laws into real-world implementation requirements
  • Incorporate compliance requirements into a qualitative assessment tracking tool or spreadsheet organized by the law’s safeguard categories (e.g., administrative, physical, technical)
  • Conduct in-depth interviews of your IT, IT security, and management personnel, and perform on-site inspections and reviews of your current layered security implementation to validate security controls and their implementation
  • Create a high-level, qualitative compliance gap analysis and posture assessment mapped to your organization’s compliance requirements

ITPG has successfully delivered 100+ Compliance Gap Analysis and Posture Assessments covering every vertical industry and compliance law currently enacted within the USA.
