Reporting on Your Information Security Framework Compliance

Posted on February 12, 2020 - by Darren Gallop - in Building Your InfoSec Program

How to generate reports on your security program for customers or board members

Businesses need answers to critical questions about their compliance with security controls. Companies often lean on their technical leaders, legal team, and/or consultants to get these answers (perhaps with the help of some spreadsheets, too). Let's say:

  • Your enterprise prospects start sending you vendor security assessments and asking for your compliance with common cybersecurity frameworks, like SOC 2 or CIS Critical Security Controls.
  • A board member asks, "What does the company need to do to become compliant with the California Consumer Privacy Act?"
  • Your investors want to know, "Is the company GDPR compliant and able to expand to European countries?"

These are some of the reasons our team is excited about the most recent update to the Securicy platform: our policy content now covers more security controls, with features in our Reporting Center to show your compliance with SOC 2, CIS Critical Security Controls, GDPR, and CCPA controls. Even with the security policies, tasks, and sign-offs in a free Securicy account, you can see which security frameworks match up with your policies.

How to Report on Your Security Framework Compliance

It's crucial for businesses to have a way to run quick reports and get instant answers.

  • Securicy's Reporting Center allows you to filter and sort controls, policies, and the status of implementation tasks.
  • This allows your executives or security team to easily monitor and share critical details about your information security program.

By filtering and sorting controls, policies, and task status, you can easily check your compliance with key frameworks or regulations, like GDPR and CCPA. You can tailor each report by choosing the pages you want and selecting specific controls, task statuses, or policies. Reports also give you options to include a cover page, table of contents, and custom summaries.

Using these tools, you can customize, download, and send reports to customers, prospects, and other stakeholders like board members. Later, you can re-download reports or quickly access them in the Archive inside our Reporting Center. 

Key Fields in Your Securicy Compliance Reports 

With Reporting Center, you can quickly see how your security program stacks up against top security frameworks. You can trash those spreadsheets full of security controls, neglected folders of policy documents, and project management apps for security implementation. There’s a better, easier way than ever to build, manage, and report on your security compliance.

  1. Controls: Reporting Center allows you to filter by controls, which outline industry best practices. Reporting Center now has more control mapping functionality, including for SOC 2, CIS CSC, GDPR, and CCPA controls. (Many of these policies are also in line with ISO 27001, HIPAA, NIST, and other business needs; stay tuned for future security control updates in our Reporting Center.)
  2. Policies: Quickly sort through your policies to see which tasks are complete or pending, or set aside the policies that are not applicable to your company.
  3. Tasks: View which of your policies relate directly to a specific control. See which controls you have configured or implemented, and where there are gaps you need to address. Or mark a control as "Not Applicable" if that policy doesn't apply to your business.

Choosing the Security Controls You Leverage

More businesses are using CIS Critical Security Controls to build a security program from scratch, following industry best practices for security and privacy. Other businesses and SaaS companies are focused on meeting requirements for SOC 2 audits, to earn trust with enterprise customers and protect their business. Meanwhile, doing business in Europe and the state of California means more businesses than ever are concerned about GDPR and CCPA compliance.

With Securicy, you can easily track all or any of these security controls. This puts you, or your Chief Information Security Officer, in the position to stay organized while juggling multiple frameworks or compliance requirements. 

  • Using Securicy's platform, it is easier than ever to run reports to identify your compliance with these security frameworks and track controls that are still in progress.
  • Securicy's platform now covers up to 144 security controls for upgraded accounts, and we are continuously expanding the content available for your security policies. (For free accounts, you get the full implementation and reporting tools for the first five policies, a great start for companies that are building or updating a security and privacy program.)
  • Quickly identify the requirements to comply with specific security controls. Sort for controls with a "Pending" status and you might find that you still need to implement a security awareness training program and get employee sign-off on a policy. From there, you can make sure the right employee is assigned to plan and launch your security awareness training program, using a provider you've selected or Securicy's training courses.
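The three report fields above (controls, policies, tasks) and the "sort for Pending controls" workflow boil down to one piece of logic: roll task status up into policy status, then roll policy status up into the status of each control a policy is mapped to, and list the controls that are still pending or have no policy behind them. The script below is an added illustration of that roll-up, written for this page; it is not Securicy's code, and the framework names, control identifiers (such as `CIS-awareness`), policies and tasks are constructed placeholders, not the real numbering of any framework.

```python
"""Roll task status up to policy status and then to per-framework control
status, so a "Pending" filter and a gap list fall out of the same data.
All identifiers and sample data below are constructed for illustration."""
from dataclasses import dataclass, field
from typing import Dict, List, Sequence


@dataclass
class Task:
    name: str
    status: str  # "complete" | "pending" | "not_applicable"


@dataclass
class Policy:
    name: str
    tasks: List[Task]
    # framework name -> ids of the controls this policy helps satisfy
    controls: Dict[str, List[str]] = field(default_factory=dict)


def policy_status(policy: Policy) -> str:
    """A policy is Implemented only when every applicable task is complete."""
    applicable = [t for t in policy.tasks if t.status != "not_applicable"]
    if not applicable:
        return "Not Applicable"
    if any(t.status == "pending" for t in applicable):
        return "Pending"
    return "Implemented"


def control_report(policies: Sequence[Policy], framework: str,
                   catalogue: Dict[str, List[str]],
                   not_applicable: Sequence[str] = ()) -> Dict[str, str]:
    """Return {control_id: status} for every control the framework defines.

    A control with no mapped policy is reported as "Unmapped": that is a gap
    a spreadsheet keyed only on policies would never surface."""
    report = {}
    for control in catalogue[framework]:
        if control in not_applicable:  # explicitly marked by the company
            report[control] = "Not Applicable"
            continue
        mapped = [p for p in policies if control in p.controls.get(framework, [])]
        statuses = {policy_status(p) for p in mapped} - {"Not Applicable"}
        if not mapped:
            report[control] = "Unmapped"
        elif not statuses:  # every mapped policy was marked not applicable
            report[control] = "Not Applicable"
        elif "Pending" in statuses:
            report[control] = "Pending"
        else:
            report[control] = "Implemented"
    return report


def filter_by_status(report: Dict[str, str], status: str) -> List[str]:
    """The 'sort for Pending' view: controls in one status, sorted by id."""
    return sorted(c for c, s in report.items() if s == status)


def coverage(report: Dict[str, str]) -> float:
    """Share of applicable controls that are fully implemented."""
    applicable = [s for s in report.values() if s != "Not Applicable"]
    if not applicable:
        return 1.0
    return sum(s == "Implemented" for s in applicable) / len(applicable)


# Constructed catalogue: placeholder control ids per framework (not real numbering).
CATALOGUE = {
    "CIS CSC": ["CIS-awareness", "CIS-access-mgmt", "CIS-account-mgmt", "CIS-backup"],
    "SOC 2": ["SOC2-logical-access", "SOC2-training"],
    "GDPR": ["GDPR-dsar", "GDPR-dpo"],
}

# Constructed policies, each mapped to the controls it supports.
SAMPLE_POLICIES = [
    Policy("Security Awareness Training",
           [Task("Select training provider", "complete"),
            Task("Employee sign-off on policy", "pending")],
           {"CIS CSC": ["CIS-awareness"], "SOC 2": ["SOC2-training"]}),
    Policy("Access Control Policy",
           [Task("Enforce MFA on admin accounts", "complete"),
            Task("Quarterly access review", "complete")],
           {"CIS CSC": ["CIS-access-mgmt", "CIS-account-mgmt"],
            "SOC 2": ["SOC2-logical-access"]}),
    Policy("Data Subject Requests",
           [Task("Publish DSAR procedure", "not_applicable")],
           {"GDPR": ["GDPR-dsar"]}),
]

if __name__ == "__main__":
    for fw in CATALOGUE:
        rep = control_report(SAMPLE_POLICIES, fw, CATALOGUE,
                             not_applicable=("GDPR-dpo",))
        print(f"{fw}: coverage {coverage(rep):.0%}, "
              f"pending {filter_by_status(rep, 'Pending')}, "
              f"unmapped {filter_by_status(rep, 'Unmapped')}")
```

Running it shows the awareness-training control pending under both CIS and SOC 2 because of the single outstanding sign-off task, and the backup control flagged as unmapped under CIS, which is the kind of gap the "Pending" sort alone would not reveal.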

When Were Your Policies Last Updated?

It is best practice to review, update, and have employees accept policy changes on an annual basis. For many businesses, that means looking at their security policies and how they can increase protections against cyber threats. With increasing ransomware and supply chain attacks, now is an ideal time to launch an internal project to update your security policies and procedures.

We say "now" is the ideal time because too many businesses wait until after a cyber attack or data breach.

Many of our customers have successfully used our platform to reach their security, privacy, and compliance goals. With this updated policy content, designed specifically to map to the frameworks you use, reporting on framework compliance is an even smoother experience. You get the benefits of control mapping, gap analysis, and custom reporting on your security program.

Does your business need to improve your security compliance reporting?
Get custom information security policies generated for your business in minutes. Securicy guides you through creating, implementing, and reporting on your cybersecurity plan.

About the author

Darren Gallop is a tech entrepreneur, information security expert, Techstars alumnus, board member, and the CEO of Securicy. He co-founded Securicy and led the team to develop a SaaS product that guides businesses through creating, implementing, and managing their information security and privacy compliance program. Gallop previously co-founded Marcato and was CEO there for 10 years, until the successful event management software company was acquired by Patron Technology. He is fluent in English and French, and adept in Spanish. Gallop spends much of his non-work time traveling or engaging in the outdoors: swimming, fly fishing, canoeing, camping, and surfing (basically in that order). He is from Nova Scotia, Canada.