Controls Management Software
Compliance controls management is an integral part of every organization’s Governance, Risk, and Compliance (GRC) efforts. Today, most organizations need to comply with multiple regulations and standards. Terms like SOX, HIPAA, PCI, FFIEC, Solvency, AML, and NERC have become a standard part of the business vocabulary.
Standards such as ISO 27000 series and NIST 800 series provide a solid baseline for customer to develop their own control framework, but mapping and managing controls across mandates and standards remains a manual and repetitive task as regulatory requirements and internal policies change. Common control frameworks such as the Unified Compliance Framework™ (UCF) features harmonized controls that are mapped across over 900 different international standards and regulations. The UCF helps organizations eliminate redundant, overlapping compliance requirements that span hundreds of different regulations. While the common control framework has alleviated most of the pain of control mapping, much manual work is still required to keep up with content updates delivered in Excel spreadsheet and XML documents.
Aruvio Simplifies Controls Management
Aruvio makes compliance control management easy. Using the Controls Management, part of the Aruvio GRC Suite, you can build a controls framework that combines internal controls with industry standards such as ISO 27000 series, and common controls such as the UCF. Controls Management makes it simple to create and manage control mappings. When used in conjunction with UCF controls, Controls Management lets you create and manage an enterprise-wide controls library. Using such a library enables a consolidated assessment effort and compliance reporting against multiple mandates using one set of assessment results. Controls Management allows you to append custom data elements to internal and external controls while eliminating manual-merge of custom fields between different Microsoft Excel spreadsheet versions of external content. Once contents are finalized, you can export controls back to Microsoft Excel to continue with manual assessment processes. Alternatively, you can use Compliance Management to automate your assessment processes. You can also take advantage of the Force.com social features for more effective notifications.