Ostendio MyVCM™ Platform Overview


MyVCM   Home - cropped

Individual Dashboard

Within the Ostendio MyVCM™ software platform each user can see a personalized dashboard that provides a prioritized and calendarized view of all tasks they have been assigned.  This personal dashboard also indicates their unique compliance score and specifically shows how this compares with the rest of the organization. The relative comparison motivates each individual to complete all the tasks they have been assigned. 



Corporate Dashboard

The Corporate Dashboard provides an aggregate view of the organization and provides a single compliance score for that organization.  This dashboard also provides a comparative analysis but this time with other organizations within the MyVCM Trust Network™. This view also allows for those with the appropriate access level to drill down to a location, facility, department or individual, and to review snapshot data like overall transaction completed, number of documents added, audits reviewed and tickets closed.

Ostendio MyVCM can guide you through the process of building a security program

Asset 12@2x-1


Ostendio MyVCM guides you through the process of building a complete Security and Privacy program, from Risk Assessment to policy and procedures development. 

Asset 11@2x-1


Tracking and executing hundreds of tasks - day-in, day-out - across a busy organization is daunting, but Ostendio MyVCM makes it simpler to stay audit-ready.


Asset 10@2x-1


Make data-driven risk management decisions - Real-time analytics give customers, regulators, management and employees visibility into company performance against security and privacy objectives.




The MyVCM Assessments module is our recommended starting point for building or maturing your security program.  It creates security assessment templates that can be managed and reviewed internally or via external Auditors. The Assessments module makes it easy to pre-build assessment questionnaires for over 100 regulations and standards while also supporting ad-hoc and custom assessments.  Answer types can be customized to your preferred Capability Maturity Model (CMM), and real-time evidence and notes can be linked to the relevant control, ensuring the most current information is always available for review.
Let’s Talk


Vector (4)
The MyVCM Document module provides all the features of a fully operational Document Management System, serving as the central repository and access point for all policies, procedures, contracts, SOPs and any other critical documentation.  Workflow powers document approvals acknowledgment processes, allowing Ostendio MyVCM to track both approvals and acknowledgments across all documents and for all users.  The document module can be used for simple document storage or as an actual Document Control resource for a Part 21 compliant Quality Management System. It can also link to documents in other document solutions such as Google Docs, SharePoint, Dropbox, Box, etc.
Training Icon-new

The Ostendio Training module is a full Learning Management System allowing for the creation, distribution, and assessment of training.  Training can be sourced from the Document module, uploaded directly or linked to a third party Learning Management System. Training can be one time or recurring and can be scheduled as required.  Training can be automatically assigned to new employees, or set to renew with a set time period. The Ostendio Training module can also be used to track certifications from third-party training authorities.  


The Ostendio Asset module allows you to track all physical and virtual data stores.  It lets you track additional attributes for Hardware, Virtual Hardware, SaaS, IaaS, PaaS, Software and any other type of data storage environment.  As well as tracking location and ownership information, the Asset module allows for access to be tracked. Combined with privacy information and other attributes like business impact, criticality, dependent assets, and Business Continuity information, the Asset module actually helps you to create an Asset Risk Register and to report who has access to what data within the organization.  

The Audits module allows users to create one-time and recurring task schedules for routine activities with automatic assignments to the responsible people.  Activity schedules can be created related to documents, organizations, and assets with all tasks appearing in the responsible person’s inbox with the specified due date.  Audit examples might include Data Access Audits, OS Updates, Log Reviews, Patching schedules or any other control based task. Ostendio MyVCM closes the loop by tracking the compliance tasks and making it easy to ensure remediation is taken when tasks are found to be non-compliant.
Users Icon-new

Within the Ostendio MyVCM platform you can create both static and dynamic user groups.  

Static groups are a fixed list of users created by simply adding or removing users.  This may be helpful for creating project teams where the user list is fixed.

Dynamic groups use criteria from the user profile such as Location, Job Title, Department, Role, Employment status, etc.  This allows for dynamic activities such as role-based training, location-based procedures, departmental audits.  When new employees join departments, move locations, or change roles then they are automatically added or removed from the relevant lists.  

Collections Icon-new

The collections module groups Documents, Training, Audits, and Tickets, etc. across Organizations and Projects.

Organizations can be vendors, partners, customers or any other stakeholder group. Grouping information by organization makes it easy to support effective vendor or partner security.

Projects enable the creation of custom activity groups.  For example, all the evidence required for an Internal or External Audit can be added to a Project or all activity related to a specific security control frameworks or any other project type initiatives.  

Tickets Icon-new

The Ostendio Ticket Module operates like an enterprise ticketing tool to track Incidents, Change Requests, Complaints, Individual Tasks, and Exceptions.  The Ticket module also supports pre-defined processes and includes a Part 11 compliant Corrective Action/Preventive Action (CAPA) workflow. Ostendio MyVCM also contains Smart Tickets which are associated with predefined workflows.  

CAPA SmartTickets support a fully compliant CFR 21 Part 11 compliant Corrective Action/Preventative Action workflow.  

Onboarding/Offboarding SmartTickets enable a single process for onboarding and offboarding employees and contractors.  

Location Icon-new
In locations, all people, assets, and organizations can be geolocated to ensure data can always be tracked to its specific location, wherever it is in the world.  
Report Icon-new
Ostendio MyVCM comes with a standard set of reports for every module.  All reports can be sorted, filtered and exported ensuring all data within the Ostendio MyVCM platform can be analyzed to its fullest potential.
The MyVCM Wiki will allow you to quickly search, view and download documentation by simply locating the appropriate Wiki file using the search capabilities or by navigating to the article using the navigation menu.  The MyVCM Wiki has a powerful search feature that allows you to search by the Wiki folder, file name or through the actual contents of a Wiki file for keywords related to your search.  

MyVCM CrossWalk

The CrossWalk feature set makes it easy for any sized organization to prepare for and execute security audits.

Corporate Profiles are your organization’s public outward-facing presentation to customers and other stakeholders. A corporate profile is used to explain items like the operational makeup of your organization, your product/services, revenue, key employee information and more, at a high level.

CrossWalk SmartTags allow you to associate artifacts in the Ostendio MyVCM platform with the relevant security control for over 100 security standards and regulations. Once a tag has been assigned, artifacts are automatically mapped to the equivalent corresponding tag in every other security framework and regulation. SmartTags display the relevant Authority, Framework, Security Domain, and Control Description and they also allow you to add them to other relevant frameworks where necessary.


CrossWalk Assessments allow template assessments to be created and managed through the various internal and external phases of a security audit. CrossWalk Assessments pre-build questions for over 100 regulations and standards while also supporting ad-hoc and custom assessments. Workflow automates approval processes across assessments for internal and external stakeholders. Benchmarking estimates your compliance for any number of new frameworks based on other assessments you’ve completed using the Ostendio MyVCM platform.



Document Templates (Customizable MS Word)

The Ostendio MyVCM platform has more than 300 information security and privacy templates, covering requirements of ISO 27001, NIST 800-171, HIPAA, etc.  All templates include predefined placeholders in MS Word format for easy customization.

Premium content – Ostendio MyVCM Premium and Ostendio MyVCM Enterprise customers also get access to Digital Security Program (DSP) templates from Compliance Forge.  The DSP templates cover over 32 security domains and can be mapped to over 100 regulations and standards globally.

Training &
Assessment Templates

Ostendio MyVCM offers foundational security training content such as “Protecting Personal Information - Foundations of Information Security” and regulation-specific training on subjects like HIPAA Security, Privacy, and Breach Notification rules.

Premium content – MyVCM Premium and MyVCM Enterprise customers receive more than 600 premium security training modules from leading training providers such as KnowBe4, Security Awareness Company, Securable.io, AwareGO, and Popcorn Training.  Simulated Phishing support is also included.

MyVCM Trust Network™

MyVCM Trust Network logo

The MyVCM Trust Network™ connects organizations with their vendors to help them safely share security information. MyVCM Trust Network members can invite their vendors to complete custom risk assessments and share information easily and in real-time.  

This allows vendors to demonstrate compliance to their customers in a real-time, always-on fashion, easing sales processes and reducing compliance burdens.

Companies can mandate that vendors provide their compliance information directly with them, via the Ostendio MyVCM platform.  This dramatically reduces the risk of vendor-related data breaches.

Ostendio established The MyVCM Trust Network Awards to recognize and reward excellence in Security and Compliance.

Let’s Talk