It is hard to believe it has been a year since we launched MyVCM CrossWalk Assessments. This new feature radically changed the way companies approached their data security programs and many Ostendio customers are enjoying the benefits that the feature offers. In the last year, 92 organizations completed an incredible 27,494 assessment activities showing the growing importance of data security and privacy in general business practices. The activities completed include:
- The creation of 339 individual security assessments and audits (which have also been viewed 4,656 times)
- 7,047 security questions have been answered
- 4,515 artifacts have been uploaded or associated as supporting evidence
- 2,334 security notes have been added
During this time, Ostendio has also continued to innovate with our goal of making data security accessible to all companies regardless of their size. We launched MyVCM Auditor Connect and My VCM Vendor Connect programs which build on the MyVCM platform by enabling CrossWalk Assessments to be used for both third party security audits and external Vendor Risk Management assessments. Assessments can be created within the MyVCM CrossWalk Assessment module to be reviewed or completed by any auditor or vendor within the MyVCM Trust Network, significantly increasing the utility of the feature. Over half of all recorded activities on the MyVCM platform last year were related to either an AICPA SOC2 audit or a HITRUST MyCSF assessment showing the growing importance of these standards.
Ostendio is making the complex task of security audits more achievable for a growing number of organizations. This benefits everyone from the consumer who is providing PII, the Ostendio customer who wishes to keep that PII safe and the auditor who can easily see that security assessment standards have been met. The MyVCM Trust Network takes that even further with MyVCM Vendor Connect ensuring that any vendor who has access to the information held by an Ostendio customer is also meeting security standards.
So how can MyVCM CrossWalk Assessments make compliance easier for your business?
Here are six MyVCM CrossWalk Assessment advantages:
Simplifies creating a security program and/or expanding an established security program - The CrossWalk Assessment benefits companies who are just starting out on their security journey as well as those with a more established security posture. If you are starting out, the questions for each security regulation are preloaded. If you have an already established set of questions, it is simple to upload them into the system and see where any gaps may exist.
Avoid duplication - The CrossWalk Assessment avoids the need to copy or duplicate evidence reducing time spent collating data from multiple systems and sources and maintaining logs in cumbersome spreadsheets. Simply complete the work needed for one assessment and the MyVCM platform will show you where this compliance work can be applied to other regulations. You can even run a gap report between any of over 100 standards and regulations.
Access pre-loaded questions for assessments - Questions are preloaded for industry assessments including SOC 2, HIPAA, GDPR, FedRAMP etc. Many questions are used in more than one security standard and MyVCM automatically applies the relevant question data from one assessment to the corresponding questions from another assessment. So if your organization is interested in complying to multiple standards and regulations, using MyVCM CrossWalk Assessment makes it easy.
Active communication with Auditor Connect partners - MyVCM users can select and contract directly with our authorized Auditor Connect partners within their instance. The audit partner will price, contract and engage with the client and then conduct the entire audit via their own dedicated MyVCM instance. MyVCM customers will communicate with their auditor inside the MyVCM platform by exchanging notes and guidance as a security audit progresses. This can reduce the time and effort for the audit by more than 50%, which is also reflected in the auditor price.
Benefits for auditors and companies - The CrossWalk Assessment benefits auditors who are able to see the level of compliance a company has reached and view supporting documents which significantly reduces the time they need to spend helping companies through compliance audits. By reducing the time spent on audits there is a cost saving for both auditors and their customers.
Identifies gaps in security - The CrossWalk Assessment feature helps you look ahead to your security audits, shows you where you have gaps and what documentation is required. Documenting compliance with security frameworks can be time consuming and inefficient. The MyVCM CrossWalk Assessment makes that process easy with a clear dashboard showing what is required. For example, many Ostendio customers have used the CrossWalk feature to compare the documentation they have for a SOC 2 with their HIPAA requirements. This saves time and money when applying for multiple security certifications.
As the demand for data security grows, a tool like the MyVCM platform is becoming more essential to all businesses. With the increasing number of state regulations like the CCPA (California Consumer Privacy Act) and the New York SHIELD act, as well as other broader regulations like GDPR (General Data Protection Regulation) many companies have become aware of the need to showcase their compliance to multiple security and privacy standards. Ostendio MyVCM streamlines that process for companies of any size and the MyVCM CrossWalk Assessment makes organizing and tracking evidence for an audit a much simpler process. Evidence can also be exported for audits such as HITRUST, eliminating the need to manually upload data to proprietary systems.
The CrossWalk Assessment feature is only a part of what MyVCM has to offer. Ostendio also brings together MyVCM Vendor Connect and MyVCM Auditor Connect to expand the MyVCM Trust Network to your auditors and vendors.
Learn more about MyVCM CrossWalk by talking to an expert at Ostendio about how we can help with your data security program.