
Organisations today are inundated with regulatory mandates and guidelines intended to force companies to behave responsibly. However, the quagmire of requirements, suggestions and best practices is leaving companies buried under a mound of paperwork, with IT staff working to manage policies and associated controls.
Control and policy management solutions can give the organisation a framework to automate the supporting processes and the management of policies and controls.
This framework includes the following set of functionalities:
The fundamental ability to map an organisation's specific controls and policies into defined control objectives. This function includes a controls and policy library based on industry-recognized control frameworks, regulations, standards and IT best practices, such as COSO, COBIT, ITIL and ISO27001. It also supports flexible user-defined formatting and input to accommodate a wide variety of user control definitions.
This function supports the distribution of relevant policies and other information. It includes the management of the attestation process, ensuring that policies have been read and understood and that individuals will comply. Reporting tracks both response and compliance.
In addition to the rich capabilities for harvesting machine-sourced data, the Flexeye Engine enables your organisation to create and manage automated periodic questionnaires to capture knowledge stored within your organisation's most valuable assets: its personnel.
Whether used to implement a weekly audit remediation status update, a monthly ISO27001 assessment for site security officers or a quarterly security awareness survey across your organisation's entire population, all results can provide key metrics around your organisation's GRC posture.
The results of each of these assessments or surveys can roll up directly into any report, or initiate remediation workflow as required. The function includes reference content, survey functions and workflow to manage the collection of self-assessment data.