CS-Video.pnghttps://youtu.be/uePtqWX2wxs

What is Compliance Assessment

A compliance assessment is an evaluation process designed to determine whether an organization or system adheres to regulatory requirements, industry standards, or internal policies. These assessments can cover a wide range of areas, including financial regulations, data protection and privacy laws, cybersecurity standards, health and safety protocols, environmental regulations, and more.

The primary goals of a compliance assessment are to:

  1. Identify Gaps: Determine where the organization's practices might not meet the required standards or regulations.

  2. Mitigate Risks: Understand the potential risks associated with non-compliance, which can include legal penalties, financial losses, reputational damage, and operational disruptions.

  3. Recommend Improvements: Provide actionable insights and recommendations to help the organization address compliance gaps and improve its overall compliance posture.

  4. Ensure Accountability: Assign responsibility for compliance to specific roles or departments within the organization.

  5. Demonstrate Compliance: Help organizations prove to regulators, partners, customers, and other stakeholders that they are in full compliance with relevant regulations and standards.

image-20241030-202041.png

Compliance Assessment - Table of Contents

Compliance Assessment - Overview

The following Compliance Assessments are available:

Standard

Source

CIS v8

https://www.cisecurity.org/controls/cis-controls-navigator/v8

CMMC (Cybersecurity Maturity Model Certification)

https://www.cisa.gov/resources-tools/resources/cybersecurity-maturity-model-certification-20-program

Cyber Essentials

https://www.ncsc.gov.uk/cyberessentials/overview

https://iasme.co.uk/

DORA (Digital Operational Resilience Act)

https://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en

Essential Eight

https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight

FADP (Federal Act on Data Protection)

https://www.edoeb.admin.ch/edoeb/en/home/datenschutz/grundlagen/dsfa.html

GDPR (General Data Protection Regulation)

https://gdpr-info.eu/

HIPAA

https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html

HITRUST

https://hitrustalliance.net/

NIST 171 Rel2

https://csrc.nist.gov/pubs/sp/800/171/r2/upd1/final

NIST 800-53

https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final

NIST CSF 2.0 (NIST Cybersecurity Framework)

https://www.nist.gov/informative-references

NIS 2

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32022L2555

NYDFS (New York Department of Financial Services)

https://www.dfs.ny.gov/industry_guidance/cybersecurity

PCI-DSS v4.0

https://www.pcisecuritystandards.org/document_library/

WISP IRS

https://www.irs.gov/newsroom/a-written-information-security-plan-protects-tax-pros-and-their-clients

Compliance Assessment - Details

Tap on the Start Assessment button to get started.

image-20240403-212457.png

You will see a table view where any existing assessments will be displayed. This will show the Name, Start Date, Last Updated Date, Completed Date, Status, and an Action menu.

image-20240403-212610.png

To begin a new assessment, click on the +Add button.

image-20240403-212645.png

Give the Assessment a name and save it.

image-20240403-212747.png

The assessment will display the number of sections with their description and the number of questions on the left panel.

image-20240403-212855.png

You can tap on the section name to see the questions. The answers do not have to be completed in any order and can be saved as a ‘draft,’ so you may revisit the assessment many times until it is fully completed.

Tap the upload evidence icon next to any question if you have any supported documents or files to provide.

image-20240403-213050.pngimage-20240403-213112.png

After all questions from each section are completed, you will see the status as Completed and can use the Action menu to View/Download your completed assessment.

image-20240403-213542.png

The file will be saved as a standard ZIP folder using the Assessment Name with a date range and time stamp; here is an example completed on April 3rd

image-20240403-213653.png

The folder will contain a Word document and an Excel file with the provided data.

image-20240403-213757.png


Compliance Assessment - Action Toolbar Overview

The standard Alerts module is available only.

image-20240403-213846.png

Need Support?

You can contact our support team by emailing support@connectsecure.com or visiting our Partner Portal, where you can create, view, and manage your tickets.

https://cybercns.freshdesk.com/en/support/login

image-20240206-144508.png