Compliance programs tend to be managed by numerous spreadsheets that outline controls, document their assessments and delegate ownership. We seek to streamline that into a cloud-based tool that is centrally managed and readily available for delivering reports and documents that support compliance requirements.
CyMetric is a “people and process” risk management tool that supports the front end of the regulatory compliance process, before technical solutions are put in place. To accomplish this, CyMetric provides legally vetted interpretations of the data privacy and data security components of various regulations, and proposes NIST-based controls that can be implemented to support the requirements of the laws companies need to comply with. These controls are documented and output to a policy document that can become the basis for an organization’s cybersecurity policy.
For example, if you are seeking to comply with new mandates of GDPR, CyMetric will provide all of the controls that will satisfy the requirements of the law based upon your specific risk tolerances and data profiles. Part of what CyMetric seeks to accomplish is to ensure that investments in technical infrastructure are serving the dual purpose of protecting data assets and meeting the legal requirements of the various regulations organizations are being held accountable to.
CyMetric also provides a mechanism to track the progress of the program's implementation through a controls assessment module, where maturity can be measured and findings documented. The results of this process are presented in reports and dashboard windows, giving stakeholders visibility into how the company is performing with its compliance program.