1 / 73

LockPath Keylight Sales Enablement Toolkit

LockPath Keylight Sales Enablement Toolkit.

herberts
Download Presentation

LockPath Keylight Sales Enablement Toolkit

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. LockPath Keylight Sales Enablement Toolkit To support sales effectiveness, we have created the Sales Enablement Toolkit (SET) to be the one-stop shop for positioning. This document is internally focused and not intended to be customer-facing. The objectives of the Sales Enablement Toolkit are to: • Support consistency in the sales process by highlighting best practices along the sales cycle • Accelerate the sale by providing a deeper understanding of the market and our customers • Give Sales the knowledge to talk to customers and prospects about the value of Keylight • Assist in overcoming selling challenges relative to the competition and perceived gaps in Keylight To navigate within the toolkit, click on the category titles on the left to jump directly to the relevant section. Use the top navigation links to jump to sub-sections of each category. Click on arrows in the top-right corner to advance or go back one slide. The LockPath logo returns you to the start of the presentation.

  2. Keylight Platform LockPath’s award-winning Keylight platform is used by organizations to automate business processes, reduce enterprise risk and demonstrate regulatory compliance, all in an effort to achieve audit-ready status. Keylight allows an organization to house its entire list of activities, processes and information in one database. The platform consists of a fully integrated suite of management applications, connectors to vendor data sources and a user-friendly interface, accompanied by LockPath’s award-winning support.

  3. Keylight Solutions Operational Risk Management Audit Management Vendor Risk Management Health & Safety Management Compliance & Policy Management Business Continuity Management & Planning IT Risk Management

  4. Implementation The Keylight platform can be implemented in two-ways: In the cloud, or housed on premise with the Customer. The cloud solution will make up the majority of what you sell and are the most efficient to implement. Cloud = Subscription On-Premise = License

  5. Top Five Reasons to choose to deploy Keylight in the cloud Your Viewpoints. Our counterpoints. • Zero hardware With a cloud deployment you won’t have to worry about hardware limitations or vulnerabilities. We diligently manage and maintain our cloud environment so you can focus on what you do best, not on your hardware.  • No additional infrastructure resources The Keylight Cloud doesn’t require support from your IT infrastructure team. No waiting on system engineers, network engineers or database analysts to monitor and patch systems, maintain databases or perform upgrades. We handle that for you. • No maintenanceWith a cloud deployment, we perform all Keylight system updates. That means patches are always current and you automatically receive product updates during regularly scheduled maintenance/upgrade windows. Also, our single, configuration-only code base means your data linkages and reports won’t break during maintenance/upgrades. The same goes with backups and disaster recovery. It’s our responsibility.  • You have our support We live and breathe the Keylight Platform. We’re intimately familiar with the cloud and its architecture. We get to the root of the problem faster and resolve issues more efficiently. With Keylight in the cloud, it’s one less worry for IT. For support, you call us instead. • Data securityYour data security in the cloud is our top priority. Our information security management system goes through rigorous testing and is always monitored. The Keylight Platform is encrypted at rest and the Keylight Cloud is ISO 27001 certified.

  6. Your Viewpoints.Our counterpoints. “On premise is cheaper since I already have the hardware or use VMs.”Often times this is true, however, available and capable resources are two different things. In truth, most on-premise deployments end up on over provisioned or over shared hardware/virtual machines. This prevents Keylight from operating effectively.  As a result, you have to factor in additional hardware and licensing costs associated with maintaining the platform on premises. What about extra staffing required? There’s also the issue of hitting the wall with data requirements as your company grows. When all the costs and projected costs are tabulated, the total ownership cost for cloud is actually lower than on-premise. “It’s on my network, so it will run faster.” Technology advances fast, rendering today’s equipment obsolete. Remaining current and up-to-speed with an on-premise solution requires an ongoing investment in hardware and software. Is that something you’re prepared to factor into the purchasing decision?  With Keylight in the cloud, we maintain and upgrade the platform and its infrastructure, so it performs optimally. “My data is more secure on-premise.”This may be true, but more often than not, it’s false. When considering data security on premise, you have to account for both physical and logical security. How many people will have access to your data? What is your backup and disaster recovery plan should an event occur? Finally, what certifications does your data center have? Are you ISO 27001 certified? Are you compliant with SSAE16, SOC 1, SOC 2, and HIPAA?  Keylightallows for both LDAP and SAML authentication. Keylight’s Remote Directory Sync integrates with your on-premise directories to provide secure cloud access with the necessary authentication. Also, we leverage highly secure data centers that are audited against SSAE16 (SOC1, SOC2) and HIPAA on an annual basis.  “My data is easier to access on-premise.”This was once true, but cloud technology has come a long way. In fact, Keylight comes with the Keylight Ambassador, a lightweight client that establishes a secure data connection between your on-premise network and the cloud. Using the Ambassador, data imports easily, even automatically with scheduling, so you can access your data at any time from anywhere.

  7. Differentiators

  8. Dynamic Content Framework™ • LockPath’s highly scalable and flexible content engine allows you to create custom tables and fields with as many layers of security as needed. The drag-and-drop functionality enables you to create reports without developers or report writers.

  9. Conditional Layouts • With multiple layout options, you design the input to create the experience you need. The form adapts to input, conditionally hiding or requiring fields to ensure the information required is obtained.

  10. Bulk Tasks • Keylight is the only GRC platform that allows you to perform tasks in bulk. Within Keylight, you can edit a record field and apply that change to multiple records simultaneously, seamlessly migrate thousands of records from one workflow process or stage to another, or delete multiple records at once.

  11. The Keylight Ambassador™ • The Keylight Ambassador™ securely connects data from on-premise sources to the cloud, including customer applications, applications without APIs, and applications where ad-hoc data is created.

  12. Keylight Connectors • The Keylight Platform offers more than 30 connectors to vendor intelligence, data, analytics and content feeds, including Qualys, Rapid7, SecurityScorecard, SailPoint, Tenable, Tripwire and many others.

  13. Advanced Analytics Engine • Establish and monitor key performance indicators and key risk indicators, track productivity over time, and determine benchmarks for future success with true self-service and time-based analytics.

  14. Anonymous Incident Portal • Our web-based service allows employees to securely and anonymously report workplace incidents and violations, and assign those reports to response teams for investigation without revealing the reporter’s identity.

  15. Remote Directory Sync • Keylight is equipped with Remote Directory Sync to provide convenient user access through the cloud with the necessary security authentication. Remote Directory Sync leverages both SAML and LDAP directories for secure cloud authentication and syncs group memberships to establish application permissions.

  16. Scalability • Configured to each unique user, the Keylight Platform is designed to easily accommodate your organization’s growth and expansion.

  17. Workflows • Keylight’s permission-based workflow engine adapts workflows to your existing business processes. It provides access to the appropriate parties at the proper time, can automatically transition through a process in predetermined timeframes, and automates periodic reviews of the content.

  18. Versioned Reporting • The Keylight Platform allows you to report on and analyze historical versions of records or documents. You can configure a report to display only the published revisions or to display all revisions of a record.

  19. Award-Winning Support • Our rapidly deployed solutions allow you to be up and running in weeks using your methodology and your pre-existing content, and our team of experienced industry professionals are with you every step of the way.

  20. Multilingual Interface • This licensed-controlled feature enables companies with international teams to translate the Keylight Platform user interface into any language. Multilingual is available through an annual subscription or perpetual license with maintenance.

  21. Dynamic Assessments • Gather information about risks and compliance comprehension from internal and external sources. Administrators can include conditional questions, link assessments to controls, and configure follow-up or remediation tasks based on responses.

  22. Personas

  23. Audit Audit • High cost of work paper assembly • High cost of audit evidence gathering • Chaos created using email to manage evidence gathering • Identification of correct control and process owners when gathering evidence • Unproductive tension between audit and management • Low audit coverage, especially when higher coverage is of benefit • High cost of audit assembly and report creation • Lack of time for analysis Compliance & Policy • Regulatory Change Management - Keeping up with business and regulatory change. • Policies & Training - Keeping policies current and delivering effective awareness training. • Regulatory Exams - Increased regulatory scrutiny in context of regulatory examinations with focus on role of board of directors plays in overseeing compliance. • Vendor Risk Management - Increased regulatory requirements on vendor risk management, across the entire lifecycle of vendor relationships.

  24. CFO Operational Risk • Inability to understand risk impacts to value • Helps users understand the data that measures potential impacts to performance • Increased pressure from regulators and the board to improve risk reporting • Increased pressure from internal audit and senior management to improve risk reporting • Inefficient and ineffective incident management - not providing the information needed for resolution and strengthening the organization • Knowing if the cost of incremental risk management and resulting residual risk is worth the investment Business Continuity • Lack of confidence that the business is prepared for disruptions • Struggling to keep the business running during vendor service outages • Inefficient asset allocation across departments • Complex technology (or lack of) managing process and information • Running the risk of reputational loss • Inability to bring disruption risks and recovery risks to the attention of users

  25. CIO Audit • High cost of work paper assembly • High cost of audit evidence gathering • Identification of correct control and process owners when gathering evidence • Unproductive tension between audit and management • Low audit coverage, especially when higher coverage is of benefit • High cost of audit assembly and report creation • Lack of time for analysis IT Risk • Efficiently managing and triaging IT scanner data • Accurately normalizing IT data • Poor prioritization of remediation needs discovered by IT scanner data • Integrating IT scanner data with CMDB data and external data. Creating an up to date CMDB • Inefficient association of IT data and governing policies and mandates • Increasing efficiency of understaffed departments • Messaging to different levels in the organization

  26. CISO or InfoSec Audit • High cost of work paper assembly • High cost of audit evidence gathering • Identification of correct control and process owners when gathering evidence • Unproductive tension between audit and management • Lack of time for analysis IT Risk • Efficiently managing and triaging IT scanner data • Accurately normalizing IT data • Poor prioritization of remediation needs discovered by IT scanner data • Integrating IT scanner data with CMDB data and external data. Creating an up to date CMDB • Inefficient association of IT data and governing policies and mandates • Increasing efficiency of understaffed departments • Messaging to different levels in the organization Vendor Risk • High cost of issuing and managing assessments • High cost of issuing and managing compliance obligations • Inconsistent management of incidents or losses • Linking vendors to operational risk (or IT risk and then operational risk)Inaccurate reporting because of disparate data sources • Lack of historical risk perspective • Removes the complexity that technology (or lack of) can introduce to managing process and information

  27. Legal and Compliance Health & Safety • Regulatory change management - keeping up with workplace safety regulations • Ensuring workplace environments are up to regulatory standards • Safety change management - Ensuring accident/incident remediations take place and all policies/procedures are updated and communicated out • Completing work-related injury and illness forms • Holding employees/staff accountable for their workplace safety actions Audit • High cost of work paper assembly • High cost of audit evidence gathering • Identification of correct control and process owners when gathering evidence • Unproductive tension between audit and management • Low audit coverage, especially when higher coverage is of benefit • High cost of audit assembly and report creation • Lack of time for analysis Compliance & Policy • Regulatory Change Management - Keeping up with business and regulatory change. • Policies & Training - Keeping policies current and delivering effective awareness training. • Regulatory Exams - Increased regulatory scrutiny in context of regulatory examinations with focus on role of board of directors plays in overseeing compliance. • Vendor Risk Management - Increased regulatory requirements on vendor risk management, across the entire lifecycle of vendor relationships.

  28. Procurement Operational Risk • Inability to understand risk impacts to value • Helps users understand the data that measures potential impacts to performance • Increased pressure from regulators and the board to improve risk reporting • Increased pressure from internal audit and senior management to improve risk reporting • Not achieving expected value from opportunities IT Risk • Investigating alerts that are already being managed • Integrating IT scanner data with CMDB (Configuration Management Database – or list of all your assets) data and external data. Creating an up to date CMDB • Poorly using IT events to improve policies • Lack of understanding of vulnerability history by asset • Increasing efficiency of understaffed departments • Linking events to risks and risk indicators, understanding the likelihood of a breach Vendor Risk • High cost of issuing and managing assessments • 1:50 employee to vendors managed for manual management • 2000 vendors means need for 40 employees • High cost of issuing and managing compliance obligations • Inconsistent management of incidents or losses • Inability to manage vendor related content • Linking vendors to operational risk (or IT risk and then operational

  29. Operations Operational Risk • Inability to understand risk impacts to value • Helps users understand the data that measures potential impacts to performance • Increased pressure from internal audit & senior mgmt. to improve risk reporting • Inefficient and ineffective incident management - not providing information needed for resolution & strengtheningthe organization • Knowing if the cost of incremental risk mgmt. and resulting residual risk is worth the investment Health & Safety • Training in response to changing work practices, policies, procedures and technologies • Ensuring staff are practicing safe workplace behavior and held accountable for their actions • Adhering to a plethora of workplace safety compliance requirements that continuously change • Being proactive in workplace hazard mitigation with minimal-to-no executive support Business Continuity • Lack of confidence that the business is prepared for disruptions • Struggling to keep the business running during vendor service outages • Chaotic asset and resource allocation during a disruptive event • Inefficient asset allocation across departments • Running the risk of reputational loss • Understanding the effectiveness of tests not executed

  30. Risk Officer Operational Risk • Inability to understand risk impacts to value • Helps users understand the data that measures potential impacts to performance • Increased pressure from internal audit and senior management to improve risk reporting • Knowing if the cost of incremental risk management and resulting residual risk is worth the investment • Not achieving expected value from opportunities • Removes the complexity that technology (or lack of) can introduce to managing process and information Vendor Risk • High cost of issuing and managing assessments • High cost of issuing and managing compliance obligations • Inconsistent management of incidents or losses • Inability to manage vendor related content • Linking vendors to operational risk (or IT risk and then operational risk)Inaccurate reporting because of disparate data sources • Lack of historical risk perspective

  31. Safety Operational Risk • Inability to understand risk impacts to value • Helps users understand the data that measures potential impacts to performance • Increased pressure from internal audit & senior mgmt. to improve risk reporting • Inefficient and ineffective incident management - not providing information needed for resolution & strengtheningthe organization • Knowing if the cost of incremental risk mgmt. and resulting residual risk is worth the investment Health & Safety • Creating a workplace safety culture • Training in response to changing work practices, policies, procedures and technologies • Ensuring staff are practicing safe workplace behavior and held accountable for their actions • Adhering to a plethora of workplace safety compliance requirements that continuously change • Being proactive in workplace hazard mitigation with minimal-to-no executive support Compliance & Policy • Regulatory change management - keeping up with workplace safety regulations • Ensuring workplace environments are up to regulatory standards • Safety change management - Ensuring accident/incident remediations take place and all policies/procedures are updated and communicated out • Completing work-related injury and illness forms • Holding employees/staff accountable for their workplace safety actions

  32. Audit Management (AM) • LockPath’s Audit Management solution management helps simplify and organize the work flow and collaboration process of compiling audits. • Audits are the 3rd line of defense in risk management. Audits review the 1st and 2nd lines of defense and give an independent opinion of performance and assurance. • 1st line of defense – business units that perform day to day risk management. Follow processes that incorporate internal controls and risk responses. This includes management controls, internal control procedures and measures, and the management and staff that employ these controls on a regular basis. • 2nd line of defense – risk and compliance programs that oversee and improve/challenge risk management through guidance and risk frameworks. Often performed by financial controllers, IT security practitioners, risk management professionals, quality inspectors, compliance managers.

  33. Problems Keylight Solves for AM • High cost of work paper assembly • High cost of audit evidence gathering • Chaos created using email to manage evidence gathering • Identification of correct control and process owners when gathering evidence • Unproductive tension between audit and management • Low audit coverage, especially when higher coverage is of benefit • High cost of audit assembly and report creation • Lack of time for analysis

  34. How Keylight manages AM • Audit Scoping • Audit Risk Assessment • Audit Project Management • Time & Expense Management • Audit Work Paper Management • Audit Evidence Management • Reporting • Issue Tracking and Management

  35. Benefits from using Keylight to manage AM • Provides frameworks for all types of audits • Internal • Operational • IT • Vendor • Uses organizational and risk/compliance data to automatically generate audit work papers • Audit prioritization • Workflow to manage evidence gathering and audit performance • Email notification when tasks are required • Reporting to assemble evidence • Time tracking • Online and offline audits • Skills alignment

  36. Target AM Personas Internal Audit • This role provides independent and objective assurance of business activities and processes with a goal to improve an organization's operations, allowing operations to better manage risk. Internal Auditors monitor, assess, and analyze organization risk and controls as well as review and confirm compliance with policies, procedures, and laws. Internal audit provides the board, the audit committee, and executive management assurance that risks are mitigated and that the organization's corporate governance is strong and effective. CISO or InfoSec • The Chief Information Security Officer (CISO) role has been a core leader in enterprise GRC strategy and where GRC platform RFPs have an IT component to them. The CISO sometimes has a dual reporting responsibility, tasked with managing risk to information and technology systems and complying with regulations that impact IT. The CISO also has the responsibility for policy development and compliance for the protection of all the organization's assets, including investigations, information protection, security operations, and awareness training. CIO • The Chief Information Officer drives the strategic direction of the organization's information technology resources, identifying changes in systems technology and communicating these changes to senior management. The CIO oversees information systems control policies and procedures, and designates priorities for computer operations and applications development work, throughout the organization.

  37. AM Qualification Questions • How are you keeping track of historical audit information? • How much time do you spend preparing for and responding to audits? • Can you take me through the process of dealing with external auditors? • How do you conduct audit assessments today? • How do you report audit findings to management? • How do you monitor your current controls and make updates when they change?

  38. Operational Risk Management (ORM) • Operational risks relate to the uncertainty of daily tactical business activities, as well as risk events resulting from inadequate or failed internal processes, people or systems, or from external events. • Place value at risk • Risk lurks in operations, attaches itself to vendors and business partners, and hovers outside the entire enterprise. The sheer volume of risks can overwhelm organizations. Lose sight of certain risks or prioritize the wrong ones and those risks evolve into major problems. • How does an organization effectively manage operational risk in a volatile environment? First, risks must be uncovered, identified, then prioritized. They should be tied to the company’s strategic objectives, mapped to business processes and compliance mandates and linked to key performance indicators. In some situations, a process needs to be established to manage operational risk. In addition, regulators, auditors, and boards of directors are increasingly pressuring firms to improve their risk reporting.

  39. Problems Keylight solves for ORM • Inability to understand risk impacts to value • Helps users understand the data that measures potential impacts to performance • Increased pressure from regulators and the board to improve risk reporting • Increased pressure from internal audit and senior management to improve risk reporting • Inefficient and ineffective incident management • not providing the information needed for resolution and strengthening the organization • Knowing if the cost of incremental risk management and resulting residual risk is worth the investment • Not achieving expected value from opportunities • Removes the complexity that technology (or lack of) can introduce to managing process and information

  40. How Keylight manages ORM • Risk and Control Libraries • Process and Value Documentation • Control Assessment • Risk Assessments • Incident/Loss Management and Analysis • Risk Mitigation Planning • KRI Monitoring and Reporting • Workflow

  41. Benefits from using Keylight to manage ORM • Provides business leaders with a more effective means of assessing risk and controlling effectiveness • Identifies operational risk events • Manages remediation efforts, and quantifies the associated operational risk exposure across the enterprise. • Maintain a comprehensive risk register to add, track and resolve risks/incidents. • Map risk to controls, strategy and processes • Develop simple or complex workflow processes to submit, review and approve exception requests with automated alerts, notifications, and reminders.

  42. Target ORM Personas Risk Officer • The primary responsibility for the Risk Manager, is developing, recommending and administering the risk management strategy to minimize adverse effects. Risk management requires a high degree of collaboration across the organization. Risk managers in financial services have information security risks as one of their top priorities and challenges. Risk management is a leading adopter of GRC platforms to gather a range of risk data and analytics in a single platform. Develops and implements controls and cost-effective approaches to minimize the organization's risk. Procurement • The Procurement role has become critical to GRC strategies with the growing demands of vendor and supplier risk and compliance being put on organizations by the regulators, particularly in the banking industry, in the United States. This role is often tasked with shared vendor risk management responsibilities alongside information security as well as compliance and legal. Operations • The operations manager plans, directs, or coordinates the operations of the organization. They will also assist in formulating policies, managing daily operations, and planning the use of resources, but are too diverse and general in nature to be classified in any one functional area of management, such as personnel, purchasing, or facilities. The facilities manager is responsible for managing the design, planning, construction and maintenance of equipment, buildings and other facilities.

  43. ORM Qualification Questions • How are you tying risks and compliance controls together? • How do you maintain a list of risk exceptions? • How often are they examined? • Is your risk management program tied directly to its strategic objectives? • Do you have a prioritized risk register, and is it easy to update? • How do you report current risk status to the board or senior management?

  44. Health & Safety Management (HSM) • Management of workplace processes, policies and procedures to promote on-the-job employee safety • Support risk management in companies whose operations include dangerous processes or involve hazardous materials to maintain a safe working environment for more resilient business operations • Most health and safety programs operate independently from the organization’s risk management program. Often times this siloed approach results in: • A lack of collaboration between risk management functions • Processes/risk management activities are often duplicative or missing altogether • Minimal to no understanding of how health and safety risks impact the organization by executives and Board members

  45. Problems Keylight solves for HSM • Employee safety in the workplace • Ensuring appropriate safety measures are in place to mitigate hazards • Regulatory change management • Keeping abreast of changing safety regulations • Safety regulation compliance • Increased regulatory scrutiny and fines on workplace safety • Policies, procedures and training • Keeping safety policies and procedures up-to-date • Adequately training employees on job safety requirements • Risk management • Enforcing job safety policies and procedures and mitigating job hazards • Management has limited view to operational risks posed by employee safety

  46. How Keylight manages HSM • Catalog accidents, injuries, illnesses and near misses; link these to policies, procedures and controls; investigate and remediate incidents; and add them to the organization’s risk register. • Automatically generate OSHA’s 300, 300A and 301 work-related injury and illness forms using the Accidents/Illness catalog. • Perform Job Hazard Analyses (JHAs) to identify and remediate potential risks/hazards within job processes before an incident occurs. • Incorporate site inspection preparation and management into their existing GRC assessment process for a more efficient and effective audit.

  47. Benefits from using Keylight to manage HSM • Efficiently record, track, manage, remediate and report on workplace accidents, injuries, illnesses and near misses • Significantly reduce time and effort associated with completing work-related injury and illness reports • Increase visibility into workplace and job hazards to mitigate risks before incidents occur • Streamline the site inspection process for a more efficient and effective workplace safety audit • Strengthen workplace safety regulatory compliance and reduce risk of non-compliance fines • Encourage workplace safety collaboration between business units and departments

  48. Target HSM Personas Compliance • Tasked with addressing the major compliance issues the organization faces, this role reports into Legal in many organizations and reports directly to the CEO, in others. This function is typically led by a Chief Compliance Officer (CCO). They are primarily responsible for major compliance issues as well as coordinating compliance across other organization functions. Serves as advisor to management on the legal implications of all organizational activities and problems, keeping abreast of legislative and administrative regulatory developments. Operations • The operations manager plans, directs, or coordinates the operations of the organization. They will also assist in formulating policies, managing daily operations, and planning the use of resources, but are too diverse and general in nature to be classified in any one functional area of management, such as personnel, purchasing, or facilities. Safety • This role is directly responsible for the on-the-job safety of employees. They contribute to the application of effective health, safety and environmental management by administering and maintaining workplace safety compliance programs and site maintenance (including policies and procedures); perform facility safety and fall protection equipment inspections and maintain inspection records; and perform job hazard analyses. Safety promotes incident prevention for the benefit of employees and visitors, participates in detailed incident investigations and assists in the development and presentation of employee safety training.

  49. HSM Qualification Questions • How do you keep track of your workplace incidents and near misses? • Where do you keep your accident/injury analyses containing PHI? • How much time do you spend preparing OSHA workplace incident forms? • Can you take me through your job hazard analysis process? • How do you conduct site/facility inspections? • How do you handle site inspection findings? • How do you report safety risks and hazards to management?

  50. Compliance & Policy Management (CPM) • Management of the regulatory, commercial and organizational components of policies and governance • Compliance Management solutions provide the capability to manage an overall compliance program, document and manage change to obligations, assess compliance, remediate noncompliance, and report. • This enables organizations to manage: • Compliance process of projects, staff, resources, projects/assessments, compliance risk, reporting, as well as related compliance forms & workflow. • Obligation management to document compliance obligations and manage change to obligations and their impact on the organization. • Assess, document, and report on compliance through compliance assessments and reporting. • Provide a defensible record of compliance of who did what, when, how, and why at any given point in time. • Integrate with policy and issue management as these are core areas of a compliance program.

More Related