We have learnt a lot in the last year since we launched the successful MyVCM CrossWalk Assessment feature, an addition to the industry-leading Ostendio MyVCM integrated risk management platform. CrossWalk Assessment is a way to help companies, and their auditors, avoid duplication and reduce time spent on security and risk management paperwork when complying with multiple security standards. We have learnt more about how companies are using this feature and we have found ways to improve this valuable feature that has radically changed the way companies approach their data security programs. The uptake of CrossWalk Assessment clearly shows the growing drive among companies to meet multiple security standards.
Security standards have become a “must-have” for any organization that is serious about data security and privacy. By following a security standard, businesses are using a framework that helps reduce the risk of common cybersecurity threats. As InfoSec reported, consider how many data breach notifications you have read in the last 12 months and then reflect on how many of them you think could have been prevented. The bottom line is that organizations need to invest in a robust cybersecurity program in order to protect valuable data.
“Learning is a constant process of discovery, a process without end.” - Bruce Lee
What’s the biggest lesson learnt?
One of the biggest lessons we have learned in the last year is that there was a significant need for a feature like MyVCM CrossWalk Assessment, as it has quickly become one of the most used features of the Ostendio MyVCM platform. CrossWalk Assessment now accounts for almost 10% of all transactions carried out on the Ostendio MyVCM integrated risk management platform.
Ostendio is clearly making the complex task of security audits more achievable for a growing number of organizations. Over half of all recorded activities on the Ostendio MyVCM platform last year were related to either an AICPA SOC2 audit or a HITRUST MyCSF assessment, showing the growing importance of these standards.
When multiple departments start working toward compliance with multiple frameworks and ask for documentation and evidence from across the company, it can create a mess, and it can be hard to keep track of all that information. Companies need a tool like the Ostendio MyVCM platform to keep track of, and manage, their security and risk management program in line with critical standards, giving all relevant employees the ability to access documents, edit information and share the documentation as necessary.
What are the other lessons learnt about compliance with multiple standards?
Here are six other lessons we’ve learnt from our customers that apply to all businesses who are considering a tool that will help with their security and risk management needs.
1. Having a systematic way to track gaps via the assessment module helps provide valuable data to leadership allowing for more effective investment decisions.
The CrossWalk Assessment feature clearly shows the gaps you have with one standard compared to another, highlighting the work that needs to be done in order to bring your organization in line with an additional standard. This gives you the data you need in order to make the decision on the time and effort that would be required in order to comply with multiple standards.
2. SOC2 is the most popular security framework selected.
SOC2, closely followed by HITRUST, together account for more than half of all assessments conducted last year. Other popular assessments include the COVID-19 Vendor Assessment and Custom assessments where customers can build their own assessment to suit their needs.
3. An integrated ticketing feature simplifies assigning and tracking actions.
Customers are using the integrated ticketing feature with the CrossWalk Assessment module to assign and track actions. This allows them to manage all assessment requirements in a single location. CrossWalk Assessment brings all documents and evidence together in one place, reducing the need for complex spreadsheets. It also lets you project manage the work of filling gaps: you can use the integrated ticket module to assign tasks to others in the organization, and the information they provide can then be pulled into the assessment gap you need to fill.
4. The benefits of a chat feature.
The "in-assessment" chat feature allows for real time conversation to take place between different stakeholders involved in the audit process, with the entire thread saved within the assessment. Users can collaborate with auditors as they work on the assessment and as they compile evidence.
5. Ease of use in comparing evidence across standards.
When a single assessment has been created it is easy to use the CrossWalk function to map or compare evidence from one framework to another. For example, if you have completed a SOC2 assessment you can then run a simple gap analysis against PCI DSS and automatically map all related evidence.
6. Ability to compare progress over time.
MyVCM CrossWalk Assessment provides a systematic way to compare progress over time, making it easier to demonstrate progress or take action where progress is not being made. Organizations need a well-structured tool in order to map progress and have the ability to compare it over time.
As you can see, you can learn a lot in a year! At Ostendio we are always willing to learn, especially from our customers, and we are looking forward to another successful year with the Ostendio MyVCM platform. We are discovering new ways to support our customers and improve the services we offer. Our Customer Success team works with customers individually to make sure they are making the most of the Ostendio MyVCM platform to benefit their organization. In the last year, 92 organizations completed an incredible 27,494 assessment activities, showing the growing importance of data security and privacy in general business practices. The need for security standards assessment is obviously increasing and the Ostendio MyVCM platform can help your organization with its data and risk management program.
If you would like to learn more about how MyVCM CrossWalk Assessment and the Ostendio MyVCM platform could help your business, an Ostendio expert is ready to talk or provide a free demo.
Not sure where to start?
The NIST Guide can help. We can also provide you with a free copy of Ostendio’s password policy, as an example. Just contact us at firstname.lastname@example.org.
What do customers say?
Read real reviews from Ostendio MyVCM customers on the Capterra web site.