Compliance controls management is an integral part of every organization’s Governance, Risk, and Compliance (GRC) efforts. Today, most organizations need to comply with multiple regulations and standards. Terms like SOX, HIPAA, PCI, FFIEC, Solvency, AML, and NERC have become a standard part of the business vocabulary. Standards such as the ISO 27000 series and the NIST 800 series provide a solid baseline for customers to develop their own control framework, but mapping and managing controls across mandates and standards remains a manual and repetitive task as regulatory requirements and internal policies change.
Common control frameworks such as the Unified Compliance Framework™ (UCF) feature harmonized controls that are mapped across over 500 different international standards and regulations. The UCF helps organizations eliminate redundant, overlapping compliance requirements that span hundreds of different regulations. While the common control framework has alleviated most of the pain of control mapping, much manual work is still required to keep up with content updates delivered in Excel spreadsheets and XML documents.
Aruvio Controls Simplifies Controls Management
Aruvio makes compliance control management easy. Using Aruvio Controls, part of the Aruvio GRC Suite, you can build a controls framework that combines internal controls with industry standards such as the ISO 27000 series, and common controls such as the UCF. Aruvio Controls makes it simple to create and manage control mappings. When used in conjunction with UCF controls, Aruvio Controls lets you create and manage an enterprise-wide controls library. Using such a library enables a consolidated assessment effort and compliance reporting against multiple mandates using one set of assessment results. Aruvio Controls allows you to append custom data elements to internal and external controls while eliminating the manual merging of custom fields between different Microsoft Excel spreadsheet versions of external content. Once the content is finalized, you can export controls back to Microsoft Excel to continue with manual assessment processes. Alternatively, you can use Aruvio Compliance to automate your assessment processes. You can also take advantage of the Force.com social features for more effective notifications.
Controls and Regulatory Change Management Made Easy
- Use pre-loaded UCF controls, or CCM (from the Cloud Security Alliance), or bring in your own control frameworks.
- Simplify the creation, mapping, and update of internal and external controls.
- Receive transparent UCF and CCM framework updates as soon as new versions are released instead of waiting for months or years.
- Visualize and reconcile changes across control versions with ease.
- Get alerts and notifications on regulatory control changes as soon as newer releases are available.
- No more time wasted consolidating inputs: all compliance documents are stored in a single location, and inputs are integrated in the Aruvio database.