happiest-minds-technologies
DESCRIPTION
The Compliance Vigil solution provides a platform for risk and compliance (R&C) management in which the framework, management, automation and monitoring of R&C are bundled into a single platform and delivered from the cloud (private or public). The platform captures all compliance matters and related data on a single system to help enterprises keep up, in time and effort, with ever-increasing regulatory requirements. Find out more at http://www.happiestminds.com/ComplianceVigil/
Compliance Vigil Solution Overview
2 © Happiest Minds – Confidential
WHAT and WHY GRC in Enterprises?
OUR IP SOLUTION FOR GRC MANAGEMENT
Vendor Risk Assessment
Application risk assessment
IT Risk management
Awareness & Training
Business Impact assessments
Policies, Standards & Procedures
Cloud security assessment
Compliance management
Technical controls
Assets, Incidents, Vulnerabilities, access reviews, Variations, logs and events
Logical controls
Policies, Procedures / Awareness, Stakeholders involvement
Work flows & delegation
Process adherence
Risk & Compliance Monitoring from the cloud!
• Readymade compliance policies
• Pervasive control monitoring
• Seamless integration with your business processes
• Role based access control & Delegation
• Comprehensive compliance reporting with tracking and dashboards
• Unified control framework
• Subscription-based pricing models
• Multiple hosting options
Compliance Vigil
Risk & Compliance methodology, management, automation and monitoring bundled into one single platform and delivered from the cloud
Risk Management [High level features & services]
Risk management framework
• Built in modules for risk monitoring
• Customizable per enterprise needs (risk likelihood, owner, weightage)
• Evidence mapping
IT Risk assessment
• Information Assets
• Vendors / partners
• Applications etc.
Reports & Dashboards
• Reports & dashboards
• Historic graphs
• Customizable reports & Risk charts
Risk Monitoring
• Change review management
• End to end correlation – assets, logs, vulnerabilities (non-intrusive)
Self Service Compliance [How is this achieved?]
● Support for different levels of administration & users
Organisation, Business Units, Groups, Roles
Global users (corporate, CISO office, information security)
Administrator – The Compliance Manager
User – HR, IT, Security staff who have the facts
Represent the enterprise and compliance hierarchy
● Different views & role based access control
Configurable roles and privileges (administration and end user functionality)
System Administrators – see everything
Organizational administrators – can configure users, roles, access privileges, user groups, additional policies / mandates, import information assets, add / modify questions, and mapping
Users – see only those sections, mandates, policies, questions that they are responsible for
Role based access and custom views, flexible questionnaires
● Share the workload AND maintain accountability
Non-compliance can be traced to the Section, Control and Question and to the individual person responsible
All stakeholders within organisation (and partners) made responsible for compliance
End user training and awareness made simple and easy!
Configure assessments and rollout to employees and partners
Vendor Risk Assessment [Detailed features]
• Exercise the appropriate due diligence in selecting, monitoring, and managing information security of third party vendors
• An automated, repeatable and measurable process
• Track outstanding remediation items and manage the time-consuming process of vendor follow-up
• Identify trends and areas for improvement, making the process better over time
DUE DILIGENCE
• SLAs & service delivery
• Physical security
• Backups
• Employee background verification
• Acceptable usage
• Status reporting
CONTRACTUAL
• NDAs, MSAs
• Scope of services
• Processing environment
• Change management
• Records retention
• Business continuity
• Penalties and exit clause
• SDLC
SECURITY
• Regulatory compliance
• Evidence tracking & mapping
• CIA agreements
• Access administration & governance
• Controls verification
• Data protection
• Monitoring
Cloud Risk Assessment
Features
Application characteristics, current infrastructure, data foundation, integration and Compliance/security requirements are all factored in
Roles and Representatives from Third Parties can log onto the system (with Role-based Access Control)
Assessments can be aggregated for consolidated reporting
Support for correlation rules enables a wide range of comparisons
The Cloud Assessment module guides enterprises through critical risks around cloud infrastructure/application hosting that impact the organization
Thank You
Q&A