Glen Peck - Compliance Management and Conformance Reporting - August 2016
List your name and title:
Glen Peck
Systems Consultant
List the use case name:
Compliance Management and Conformance Reporting
Add a description of the use case:
Remediating and reporting on compliance conformance without business context is only part of a successful IT Compliance Management solution. With this solution MassMutual leverages RSA Archer’s core solutions along with external integration to identify, track, remediate and provide conformance reporting for baseline controls and vulnerabilities.
Mention any innovative capabilities that were configured:
MassMutual leveraged RSA Archer’s Compliance and Threat Management and Enterprise Management solutions along with workflow and integration with a custom Issue and Management solution in addition to a 3rd party compliance solution to identify, track, remediate and provide conformance reporting for baseline controls and vulnerabilities across the enterprise. Mapping what assets were running on devices that had either failed baseline configurations or open vulnerabilities provided business context to the risk to those critical assets.
Talk about the return on investment (ROI) in terms of real dollars, efficiency savings or other gains from using the functionality in Archer. Describe how the savings were attained and over what time period:
This solution provided single source of the truth for compliance reporting, remediation status including risk accepts of failed based controls and vulnerabilities. The solution also provides the business risk posture around compliance and conformance. We brought several groups together that manage compliance and remediation including assessors, remediation owners, information risk managers and business unit risk managers into this solution eliminating external handoffs between groups
Mention how this use case integrates with other use cases inside or outside Archer:
Core solutions included Compliance Management, Threat Management, Enterprise Management, and several on demand modules as well as integration with Qualys which is our scanning solution for both Baseline Controls and Vulnerabilities.
Please sign in to leave a comment.
Comments
0 comments