SureCloud®, a supplier of IT Governance, Risk and Compliance (GRC) solutions, today announced the immediate availability of Compliance Manager as part of its SaaS-based Collaborative Compliance Platform™. Compliance Manager offers a practical and proven alternative to the currently available IT GRC options. It is designed for organisations that need to implement a number of IT GRC processes within a short time frame and at a reasonable price.
Any process, for example Compliance Auditing, Incident Response, Policy Compliance or Risk Management, can be automated simply with Forms, Workflows and User Definable Dashboards. Third Party Assurance capabilities, targeted at helping enterprise organisations automate and efficiently manage their third party assurance programmes, further extend the capabilities of the Compliance Manager module.
In 2012 the average cost of each security incident at a major enterprise is estimated to be between £110,000 and £250,000*. A large number of major enterprise breaches originate in third party suppliers. While large organisations usually have dedicated security teams and a range of sophisticated security audit tools at their disposal, many of their smaller third party suppliers do not, and since sensitive information is being shared with them, they have to be assessed for risk. The standard method for performing these risk assessments is to ask external suppliers to complete a set of manually created spreadsheet-based questionnaires. For some organisations the number of third party suppliers can run into thousands, making the process extremely time consuming, labour intensive, inefficient and expensive. With the Compliance Manager module, organisations can create any number of user-defined questionnaire templates and simply distribute, collate, track and manage them all within a single cloud-based collaborative environment.
“Large organisations can spend many man hours manually creating and tracking spreadsheet-based security questionnaires for third parties with little control over how they assign or monitor actions,” said Nick Rafferty, Chief Operating Officer at SureCloud. “SureCloud’s Compliance Manager allows them to track responses, manage outstanding tasks and access management information across all suppliers in real-time from a single dashboard. As a result of introducing an efficient Third Party Assurance process, organisations can massively reduce the time and cost of running these programmes.”
SureCloud’s Compliance Manager extends compliance support for Third Party Assurance processes – all managed within a single, fully-customisable platform. Questionnaires can be instantly generated with granular permissions to control exactly what each third party can view and update. Third parties are given controlled access to the Collaborative Compliance Platform to complete their questionnaires and upload supporting evidence where appropriate.
The Compliance Manager now offers the following enhanced features and benefits:
- Actions can be allocated to third parties based on their response (or lack of response) to security questionnaires
- Auditors and third parties alike can manage and track actions from start to finish
- Dashboards provide a real-time summary of the Third Party Assurance Initiatives, obviating the labour-intensive, manual process of summarising data from spreadsheets – for example, identifying common areas of compliance failure across thousands of suppliers
- User based pricing allows organisations a lower entry point to get themselves up and running quickly
SureCloud’s Collaborative Compliance Platform is a SaaS-based pay-as-you-go offering that allows businesses of all sizes to access a range of IT GRC and information security solutions (such as vulnerability management) as well as gain real-time actionable intelligence relating to their compliance status.
SureCloud supplies a Software-as-a-Service solution that enables organisations to greatly simplify and cost-effectively manage their IT Governance, Risk and Compliance (IT GRC) initiatives. Established in 2006, SureCloud is a British company based in Reading, Berks, with more than 250 customers throughout the UK from the Retail, Financial Services and Government sectors, including a large number of local authorities.
* https://www.pwc.co.uk/en_UK/uk/assets/pdf/olpapp/uk-information-security… PwC Information security breaches survey – April 2012