Compliantz
The failure to plan for compliance with new Federal regulations could send you, your executives and managers to jail, and cost millions of dollars in fines. The problem is that with so many regulations today, knowing if your organization does NOT comply with them could prove to be a nightmare. There is an answer to the minefield of legal requirements imposed by government agencies today. By integrating all the various requirements into a compliance matrix, we are able to determine rapidly the extent of non-compliance and make appropriate recommendations.
eFortresses has developed the first truly integrated compliance "health check" solution for the myriad of information security requirements. We have found a unique way to process all information security requirements for risk assessment and present the results as a comprehensive report of areas in which you may have failed regulatory compliance. By providing an automated tool to search the many regulations listed below, we offer organizations the ability to know within a few days (not the traditional weeks and months) whether they are in complete compliance.
Function
Compliantz consists of a knowledge base providing information on controls and control objectives for federal/government standards and regulations. We then map the controls within the Information Security Management best practices of ISO 17799:2000, ISO 17799:2005 and ISO 27001:2005 to the requirements stipulated in NIST SP 800-53/FIPS 200, HIPAA Security, GLBA, Sarbanes-Oxley Act, FACT Act, PCI Data Security, California SB-1386 and others, thereby acting as an interface between this myriad of information security requirements.
Users
Independent Consultants
Auditors (External and Internal)
Privacy/Compliance Officers
Chief Information Officers (CIOs)
Information Security Officers (ISOs & CSOs)
Information Security Staff
Features
Self Assessment
Compliantz is predicated on the Plan-Do-Check-Act methodology (established over 50 years ago in Japan)
Plan: Gap analysis and mapping tool for highlighting areas of security exposure and evaluating state of readiness for compliance or certification.
Do: Rate your state of readiness. This rating is presented in actual percentage terms.
Check: Perform benchmarking, also known as a verification audit or gap analysis, which entails comparing the organization's current information security program, if any, to ISO 17799/27001, NIST SP 800-53/FIPS 200, HIPAA Security, GLBA, Sarbanes-Oxley Act, FACT Act, PCI Data Security, California SB-1386 and others, identifying any nonconformities in the information security management system and recommending how to bring them into conformance with these elements.
Act: Based on answers received from questions, Compliantz determines if an organization is required to comply with these standards and where it may be deficient.
Reporting
Includes the following:
Compliantz Assessment Scorecard.
Regulatory Compliance Dashboard.
Compliantz recommendation report.
Unique Proposition
Compliantz distinguishes itself from other self-assessment products on the market by providing the ability to measure and achieve compliance with multiple information security standards. This capability drastically reduces the time and cost associated with running multiple security compliance projects. Compliantz can be continually re-used to ensure an ongoing and proactive security program. All prior data is kept in a data repository, so there is no requirement to re-key any data.
Licensing
Web based
The product is licensed on a subscription basis. Each customer is required to log on to a secure portal where they have the ability to use the full features of the product, from anywhere and at any time.
Standalone
The standalone product is installed on individual machines, with each database instance residing on the local machine.
Enterprise
The enterprise license is installed as a client-server configuration, whereby the database instance resides on a central server and the product client is installed on each individual machine.
 