Regulatory Content and Control Mapping
Hi folks,
We are currently consuming regulatory content from a 3rd party provider into RSA Archer and connecting to business controls to evidence compliance. We deployed this use case over a year ago, but are seeing poor adoption I think in part to the granularity of the data that the 1st LOD is being asked to act upon. We’ll be conducting an “opportunity analysis” in the near future to re-evaluate the process/ use case. A couple of requirements that are of particular interest are;
- The concept of dispositioning regulatory requirements as actionable/ non-actionable based on unique relationship of regulatory requirement back to product and organization (AKA regulatory association record)
- Alignment of controls to each actionable regulatory association record
I’d like to chat with anyone that is willing to compare approaches in preparation for our re-evaluation of our deployment. You can reply here or contact me at
0
Please sign in to leave a comment.
Comments
0 comments