Compliance and Audit Management
Businesses today are faced with the crushing burden of regulatory compliance. Publicly traded companies and companies operating in highly regulated industries have to comply with multiple regulations. At the same time, business managers are complaining that current security technology is too complex and that the reports are hard to understand and do not help with making risk-based decisions. Organizations feel that they are spending too much money on ad hoc processes and outside consultants to meet audit requirements.
As regulations grow, auditors are becoming more demanding not only about testing the controls but also about the quality and integrity of the evidence that is submitted to support audits. Automation allows auditors to waive duplicate testing of controls and, in many cases, accept automated test results or evidence of testing in lieu of tests in order to save time as well as cost. AlertEnterprise delivers an audit solution with a repository for test results and the ability to select the type of audit and define the time period and duration of the audit.
Compliance Automation
Organizations are faced with having to meet regulatory requirements related to their line of business and the industries they operate in. Additionally, governance requirements may mandate adherence to standards, best-practice frameworks and custom-developed organizational policies. Developing a set of controls for each case and then completing compliance assessments can be a time-consuming and laborious process.
AlertEnterprise delivers a compliance management solution that works with existing enterprise applications, security automation tools and critical business applications to aggregate information and conduct a true cross-enterprise risk analysis. The AlertEnterprise Compliance Management solution normalizes controls across multiple regulations, standards and frameworks and combines them with automated General Computer Control (GCC) test results to deliver the most comprehensive view of risk. Multiple compliance assessment projects can be active simultaneously and the results can be displayed in role-specific dashboards. AlertEnterprise extends beyond just displaying compliance violations to delivering the ability to remediate the risks and take follow-on actions.
- Multiple simultaneous assessment projects
- Normalize controls across multiple regulations and frameworks
- Roles-based dashboards with compliance reporting
- Support for SOX, HIPAA, NERC CIP, FERC, ISO 27001/27002, COBIT, NIST SP 800-53, FISMA, FFIEC, GLBA, PCI DSS, SAS 70 and many more
Risk Repository and Workflow Automation
AlertEnterprise delivers a complete solution for multi-regulatory compliance automation and risk management. The built-in Common Controls and Risk Repository (CCRR) allows controls from multiple authoritative sources, regulations and standards to be mapped against each other and harmonized so as to reduce the overlap in controls testing and reduce the time to compliance by as much as 70%.
Key risk libraries, industry-specific and process-specific controls can be mapped to assets, people or processes and included in the controls testing. AlertEnterprise provides a robust rules engine that also allows custom controls to be created and automated to fit in with existing business processes. Exceptions and failed controls can trigger notification, multi-level workflow and approval processes.
- Common repository for regulations, standards and best-practice frameworks
- Ability to define and automate custom controls
- Controls mapped to applications, systems, assets, people, processes and facilities
- Multi-level workflow
Audit Automation
Audit and point-in-time controls testing costs continue to grow. Internal costs to support audits as well as external costs for consultants and auditors are taking a bigger bite out of already shrinking budgets. Auditors are also making forays into new ground as role lifecycle management and user access certification are rapidly becoming key areas of focus.
AlertEnterprise leverages its CCM capabilities as well as compliance automation capabilities built into the software platform to deliver audit automation capabilities that provide a demonstrated level of confidence in the test results as well as a repository for evidence linked to the test results. Tests can be scheduled at pre-defined intervals and stored results from previous tests can be used as baselines for subsequent audits.
- Repository for storing test results and evidence
- Exception handling and reporting
- User-definable testing schedules and durations