Panaseer is launching a new capability that aims to solve one of the biggest challenges in risk management: data-driven security compliance and policy adherence monitoring. Its new compliance offering enables quantitative, continuous monitoring for internal policies and regulations. Delivered through its continuous controls monitoring (CCM) platform, this monitoring capability gives risk, audit and compliance individuals information that security controls are deployed and operating correctly.
Currently, to ensure compliance with industry regulations or established internal policies, organisations rely on external audits or an internal process of manual data gathering and self-attestations. Additionally, existing GRC and IRM tools are effective only at documenting the security policies and cannot measure whether, or how well, the controls are working.
The new capability within Panaseer’s CCM platform introduces a flexible, data-driven approach to compliance monitoring. With measurement based entirely on automated control observations, security and risk professionals can now use quantitative measurement for internal security policy compliance and report against any security framework, such as NIST CSF and CIS, and compliance standards such as PCI.
Charaka Goonatilake, CTO, Panaseer, said: “Traditionally, Integrated Risk Management practices have relied on manual, human-driven approaches to self-assess and assure that security controls are deployed and implemented correctly, across all assets in an organisation. This time-intensive, expensive and error-prone process doesn’t marry well with an ever-increasing list of requests from the Board, regulators, auditors and other stakeholders.
“CCM for Risk and Compliance has been specifically designed to address this pain point in compliance assessment. The platform provides unparalleled visibility of assets and control coverage, with the ability to configure the measurement criteria to reflect policies and standards, so the compliance measurement is tailored to the organisation.”
The platform also substantiates compliance with time-stamped, historical control status and provides visibility into areas of non-compliance. Users can configure changes to policies’ measurement scope in real time, and the changes are automatically tracked and recorded for reporting.
David Fairman, renowned CISO/CSO and Panaseer Advisory Board Member, said: “Organisations are swimming in data about their devices and controls, but this deluge of information cannot help them address regulatory requests unless they can accurately say whether the controls are switched on, working, complying with internal security policies and they have full coverage. Panaseer enables operational teams to assure their controls environment timely and efficiently and solves a very big headache for compliance, risk and audit teams by equipping them with a holistic, real-time view of controls effectiveness and coverage, which they can align to the internal policies and regulations that they need to adhere to.”
Panaseer was recently recognised as having the ‘Best Regulatory Compliance Tools and Solutions’ at the 2020 SC Awards Europe.