SureCloud adds continuous monitoring to GRC solutions
SureCloud has added continuous monitoring capabilities to its suite of IT GRC solutions, in an attempt to help organisations achieve timely detection of compliance and risk issues.
According to the company, the update comes as regulatory change, rising security risks, and increased scrutiny are driving organisations to require more continuous and real-time assurance that high-rated risks are managed, and that appropriate controls are in place and operating effectively.
Continuous monitoring, sometimes referred to as continuous control monitoring (CCM), automates the collection and analysis of data to check that controls are operating effectively in near real-time.
By providing greater transparency into the operations and more timely detection of compliance and risk issues, continuous monitoring enables security and compliance professionals to identify priorities and direct resources to the areas most important to the business, the company states.
Weak or poorly designed controls can be corrected or replaced, therefore enhancing the organisations risk posture.
Historically, organisations have relied on manual, periodic assessments to understand the effectiveness of controls. However, manual reviews only capture a single point in time and can be slow and costly to undertake.
Following the addition of continuous monitoring capabilities, SureCloud allows security and compliance professionals to create key control indicators (KCIs) and define the schedule, frequency and context, together with multiple thresholds, to automatically identify changes in control effectiveness based on pre-defined business logic.
They can also automatically notify everyone involved of any changes, meaning action can be taken before it becomes an issue.
In addition to its continuous monitoring capabilities, SureCloud offers pre-mapped control content, including access to the complete Secure Controls Framework (SCF) catalog, along with automatic updates, for a thorough list of industry regulations and standards.
This includes PCI, HIPAA, ISO 27001, 27002, 27017, NIST 800-52, CSF, Privacy Framework, CSA and more.
SureCloud VP of product Alex Brown says, “Enabling customers to continuously monitor controls complements our existing integration with the SCF.
"Now, customers can make sure that their controls are up-to-date through the content provided by the SCF, as well as make sure they’re effective through the continuous monitoring of key control indicators.”
SureCloud CEO Richard Hibbert says, “In recent years, the IT GRC industry has realised the importance of moving from point-in-time assessments to continuous monitoring through technology like ours.
"As managing governance, risk, and compliance becomes increasingly complex, organisations need ways to manage their programs that address this complexity.
"Our new continuous monitoring capabilities provide always-on visibility of control effectiveness and the ability to take decisive action when that effectiveness changes.”