Within the Ostendio MyVCM™ software platform each user can see a personalized dashboard that provides a prioritized and calendarized view of all tasks they have been assigned. This personal dashboard also indicates their unique compliance score and specifically shows how this compares with the rest of the organization. The relative comparison motivates each individual to complete all the tasks they have been assigned.
The Corporate Dashboard provides an aggregate view of the organization and provides a single compliance score for that organization. This dashboard also provides a comparative analysis but this time with other organizations within the MyVCM Trust Network™. This view also allows for those with the appropriate access level to drill down to a location, facility, department or individual, and to review snapshot data like overall transaction completed, number of documents added, audits reviewed and tickets closed.
The Ostendio Training module is a full Learning Management System allowing for the creation, distribution, and assessment of training. Training can be sourced from the Document module, uploaded directly or linked to a third party Learning Management System. Training can be one time or recurring and can be scheduled as required. Training can be automatically assigned to new employees, or set to renew with a set time period. The Ostendio Training module can also be used to track certifications from third-party training authorities.
The Ostendio Asset module allows you to track all physical and virtual data stores. It lets you track additional attributes for Hardware, Virtual Hardware, SaaS, IaaS, PaaS, Software and any other type of data storage environment. As well as tracking location and ownership information, the Asset module allows for access to be tracked. Combined with privacy information and other attributes like business impact, criticality, dependent assets, and Business Continuity information, the Asset module actually helps you to create an Asset Risk Register and to report who has access to what data within the organization.
Within MyVCM you can create both static and dynamic user groups.
Static groups are a fixed list of users created by simply adding or removing users. This may be helpful for creating project teams where the user list is fixed.
Dynamic groups use criteria from the user profile such as Location, Job Title, Department, Role, Employment status, etc. This allows for dynamic activities such as role-based training, location-based procedures, departmental audits. When new employees join departments, move locations, or change roles then they are automatically added or removed from the relevant lists.
The collections module groups Documents, Training, Audits, and Tickets, etc. across Organizations and Projects.
Organizations can be vendors, partners, customers or any other stakeholder group. Grouping information by organization makes it easy to support effective vendor or partner security.
Projects enable the creation of custom activity groups. For example, all the evidence required for an Internal or External Audit can be added to a Project or all activity related to a specific security control frameworks or any other project type initiatives.
The Ostendio Ticket Module operates like an enterprise ticketing tool to track Incidents, Change Requests, Complaints, Individual Tasks, and Exceptions. The Ticket module also supports pre-defined processes and includes a Part 11 compliant Corrective Action/Preventive Action (CAPA) workflow. MyVCM also contains Smart Tickets which are associated with predefined workflows.
CAPA SmartTickets support a fully compliant CFR 21 Part 11 compliant Corrective Action/Preventative Action workflow.
Onboarding/Offboarding SmartTickets enable a single process for onboarding and offboarding employees and contractors.
The CrossWalk feature set makes it easy for any sized organization to prepare for and execute security audits.
Corporate Profiles are your organization’s public outward-facing presentation to customers and other stakeholders. A corporate profile is used to explain items like the operational makeup of your organization, your product/services, revenue, key employee information and more, at a high level.
CrossWalk SmartTags allow you to associate artifacts in the MyVCM platform with the relevant security control for over 100 security standards and regulations. Once a tag has been assigned, artifacts are automatically mapped to the equivalent corresponding tag in every other security framework and regulation. SmartTags display the relevant Authority, Framework, Security Domain, and Control Description and they also allow you to add them to other relevant frameworks where necessary.
CrossWalk Assessments allow template assessments to be created and managed through the various internal and external phases of a security audit. Assessments pre-build questions for over 100 regulations and standards while also supporting ad-hoc and custom assessments. Workflow automates approval processes across assessments for internal and external stakeholders. Benchmarking estimates your compliance for any number of new frameworks based on other assessments you’ve completed using MyVCM.
MyVCM has more than 300 information security and privacy templates, covering requirements of ISO 27001, NIST 800-171, HIPAA, etc. All templates include predefined placeholders in MS Word format for easy customization.Premium content – MyVCM Premium and MyVCM Enterprise customers also get access to Digital Security Program (DSP) templates from Compliance Forge. The DSP templates cover over 32 security domains and can be mapped to over 100 regulations and standards globally.
The MyVCM Trust Network™ connects organizations with their vendors to help them safely share security information. MyVCM Trust Network members can invite their vendors to complete custom risk assessments and share information easily and in real-time.
This allows vendors to demonstrate compliance to their customers in a real-time, always-on fashion, easing sales processes and reducing compliance burdens.
Companies can mandate that vendors provide their compliance information directly with them, via MyVCM. This dramatically reduces the risk of vendor-related data breaches.