The Doppler Quarterly Fall 2016 - Page 66

Client Regulatory Compliance Security Controls and Policies Governance Policies IT Policies & Standards Financials Assess and Plan Phase of CAP 3rd Party, Regulatory & Industry CTP Dashboard Reporting CTP Governance Tooling (Configurable Modules) Regulatory Controls • Alerts • Continuous Monitoring • Snapshots • Testing Optimization • Recommendations • Remediations • Continuous Improvements Industry Standards Figure 2: Continuous Compliance - Data Aggregation As you can see in Figure 2, Continuous Compliance provides a single view for regulatory and corporate compliance and security and governance. Data is brought into a single unified view that can trigger alerts and, through automation or human intervention, correct issues in near real time. Take PII (personally identifiable information) for example, which is illegal to leverage in many ways. Continuous Compliance ensures cloud operations are in compliance with pre-set governance and usage patterns. If, for some reason, the usage patterns fall out of compliance, then alerts are triggered and automatic remediation processes kick in. The objective is to bring the systems back into compliance as quickly as possible. Other items that Continuous Compliance addresses: • Continuous monitoring, alerts and testing. This provides a cohesive look at what is happening in the systems that reside in and out of your cloud environment, enabling you to view “snapshots” of your systems and data whenever necessary. Aggregated data can be reviewed by people, or trigger automated processes that take corrective action when needed. • Early warning, prevention and remediation. Using the previous concept of continuous monitoring, alerts, and testing to make the problem known, this concept is the process of warning compliance experts, as well as remediating the problem as soon as possible. • Minimize audit preparation and costs. Continuous Compliance enables you to continuously deal with what is needed to move quickly through an internal or external driven audit process. We are not referring to how best to prepare for an upcoming audit. We are referring to a 64 | THE DOPPLER | FALL 2016