IT Controls Management

What do all compliance programs, such as SOX, PCI, ISO 27002, and SAS 70 have in common? They all demand that the IT department implement comprehensive controls to ensure the security and integrity of enterprise data, systems, networks, and facilities. These controls are often the very things that the CIO needs to implement anyway – but there are challenges:

• Are the required policies and procedures in place and up to date?
• Are the controls being applied and the right things being done?
• Can it be proven to the satisfaction of an auditor or assessor that controls are working effectively?
• Is the same costly validation work unnecessarily repeated for multiple audits?

Be in Control and in Compliance

ProcessUnity's IT Controls Management solution gives management the tools to define, implement, document, and verify IT controls, while avoiding duplicate work and maintaining evidence of compliance needed for ongoing audits and assessments.

• Get a fast start by implementing some or all of the reference control set included with ProcessUnity – controls already mapped to provisions of key IT compliance programs and standards
• Establish accountability by assigning control owners and recording their acceptance
• Store and manage policies and procedures, link them to the controls they support, access them in context, and maintain document currency
• Schedule control tests and capture results
• Track, report and manage controls development, documentation, and verification
• Assess compliance status from the perspective of different compliance programs. Map your controls to the regulations and standards they implement
• Give auditors and assessors access to just the evidence they need to verify your compliance with a specific program