Client
Regulatory
Compliance
Security
Controls and
Policies
Governance
Policies
IT Policies &
Standards
Financials
Assess and
Plan Phase
of CAP
3rd Party,
Regulatory &
Industry
CTP
Dashboard Reporting
CTP Governance Tooling
(Configurable Modules)
Regulatory
Controls
• Alerts
• Continuous Monitoring
• Snapshots
• Testing
Optimization
• Recommendations
• Remediations
• Continuous
Improvements
Industry
Standards
Figure 2: Continuous Compliance - Data Aggregation
As you can see in Figure 2, Continuous Compliance provides a single view for
regulatory and corporate compliance and security and governance. Data is
brought into a single unified view that can trigger alerts and, through automation or human intervention, correct issues in near real time.
Take PII (personally identifiable information) for example, which is illegal to
leverage in many ways. Continuous Compliance ensures cloud operations are
in compliance with pre-set governance and usage patterns. If, for some reason,
the usage patterns fall out of compliance, then alerts are triggered and automatic remediation processes kick in. The objective is to bring the systems back
into compliance as quickly as possible.
Other items that Continuous Compliance addresses:
• Continuous monitoring, alerts and testing. This provides a cohesive look
at what is happening in the systems that reside in and out of your cloud
environment, enabling you to view “snapshots” of your systems and data
whenever necessary. Aggregated data can be reviewed by people, or trigger automated processes that take corrective action when needed.
• Early warning, prevention and remediation. Using the previous
concept of continuous monitoring, alerts, and testing to make the problem known, this concept is the process of warning compliance experts,
as well as remediating the problem as soon as possible.
• Minimize audit preparation and costs. Continuous Compliance
enables you to continuously deal with what is needed to move quickly
through an internal or external driven audit process. We are not referring to how best to prepare for an upcoming audit. We are referring to a
64 | THE DOPPLER | FALL 2016