Build a Security Compliance Program

Cost-effective compliance is possible.

Many organizations struggle with security and data protection compliance management:

  • Most organizations spend between 25 and 40 percent of their security budget on compliance-related activities.
  • Only 28% of organizations believe that government regulations help them improve cybersecurity.
  • 58% of companies see compliance costs as barriers to entering new markets.
  • While the costs of compliance are high, the costs of non-compliance are almost three times greater.

An effective security compliance management program can:

  • Reduce complexity within the control environment by using a single framework to align multiple compliance regimes.
  • Provide senior management with a structured framework for making business decisions on allocating costs and efforts related to cybersecurity and data protection compliance obligations.
  • Reduce costs and efforts related to managing IT audits through planning and preparation.

Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Module 1: Establish the Program

The Purpose

  • Establish the security compliance management program.

Key Benefits Achieved

  • Reviewing and adopting an information security control framework.
  • Understanding and establishing roles and responsibilities for security compliance management.
  • Identifying and scoping operational environments for applicable compliance obligations.

Activities: Outputs:
1.1 Review the business context.
  • RACI matrix
1.2 Review the Info-Tech security control framework.
1.3 Establish roles and responsibilities.
1.4 Define operational environments.
  • Environments list and definitions

Module 2: Identify Obligations

The Purpose

  • Identify security and data protection compliance obligations.

Key Benefits Achieved

  • Identifying the security compliance obligations that apply to your organization.
  • Documenting obligations and obtaining direction from management on conformance levels.
  • Mapping compliance obligation requirements into your control framework.

Activities: Outputs:
2.1 Identify relevant security and data protection compliance obligations.
  • List of compliance obligations
2.2 Develop conformance level recommendations.
  • Completed Conformance Level Approval forms
2.3 Map compliance obligations into control framework.
  • (Optional) Mapped compliance obligation
2.4 Develop process for operationalizing identification activities.
  • (Optional) Identification process diagram

Module 3: Implement Compliance Strategy

The Purpose

  • Understand how to build a compliance strategy.

Key Benefits Achieved

  • Updating security policies and other control design documents to reflect required controls.
  • Aligning your compliance obligations with your information security strategy.

Activities: Outputs:
3.1 Review state of information security policies.
3.2 Recommend updates to policies to address control requirements.
  • Recommendations and plan for updates to information security policies
3.3 Review information security strategy.
3.4 Identify alignment points between compliance obligations and information security strategy.
3.5 Develop compliance exception process and forms.
  • Compliance exception forms

Module 4: Track and Report

The Purpose

  • Track the status of your compliance program.

Key Benefits Achieved

  • Tracking the status of your compliance obligations.
  • Managing exceptions to compliance requirements.
  • Reporting on the compliance management program to senior stakeholders.

Activities: Outputs:
4.1 Define process and forms for self-attestation.
  • Self-attestation forms
4.2 Develop audit test scripts for selected controls.
  • Completed test scripts for selected controls
4.3 Review process and entity control types.
4.4 Develop self-assessment process.
  • Self-assessment process
4.5 Integrate compliance management with risk register.
4.6 Develop metrics and reporting process.
  • Reporting process
  • Recommended metrics