Technology Risk Management

ProcessUnity's Technology Risk Management solutions address the following areas:

IT / Information Security Controls Management

What do all compliance standards and regulations have in common (SOX, PCI, ISO 27002, FFIEC, COBIT, NIST, HIPAA, MA201, CFR Part 11, and SAS 70)? They all demand that the IT department implement comprehensive controls to ensure the security and integrity of enterprise data, systems, networks, and facilities. These controls are often the very things that the CIO needs to implement anyway – but there are challenges:

  • Are the required policies and procedures in place and up to date?
  • Are the controls being applied and the right things being done?
  • Can it be proven to the satisfaction of an auditor or assessor that controls are working effectively?
  • Is the same costly validation work unnecessarily repeated for multiple audits?

ProcessUnity gives IT management the tools required to organize, define, document, manage and test controls related to information technology. 

Regulatory & Standards Gap Assessment

ProcessUnity offers pre-loaded provisions of the major IT regulations and standards, cross-mapped to a powerful set of common IT reference controls. Since there is considerable overlap among the various standards, these controls and mappings make it easy for IT to avoid duplicate work and have one set of controls that satisfies the dictates of multiple standards.

  • Get a fast start by implementing some or all of the reference control set included with ProcessUnity – controls already mapped to provisions of key IT compliance programs and standards
  • Establish accountability by assigning control owners and recording their acceptance
  • Store and manage policies and procedures, link them to the controls they support, access them in context, and maintain document currency
  • Schedule control tests and capture results
  • Track, report and manage controls development, documentation, and verification
  • Assess compliance status from the perspective of different compliance programs. Map your controls to the regulations and standards they implement
  • Give auditors and assessors access to just the evidence they need to verify your compliance with a specific program

Vendor Information Risk Management

More and more companies require their vendors to undergo information risk assessments before signing or renewing vendor contracts, especially when sensitive data or critical business operations are involved. ProcessUnity’s Vendor Information Risk Management solution reduces the cost and complexity of vendor risk assessments, and creates a collaborative on-demand environment to streamline the end-to-end process for the companies, vendors, and assessors involved. The ProcessUnity solution includes:

  • Questionnaire creation and maintenance
  • Notification and collaboration support 
  • Vendor access for questionnaire responses
  • Analyst / assessor tools for findings and issues tracking
  • Management reports for tracking status and progress
  • Vendor summary reports and dashboards