Are you dealing with the headache of managing (multiple) compliance requirements, only to have careless end-users cause all kinds of problems? Need to have all controls in place to satisfy auditors but struggling with lack of time and management support? Tired of duplicating effort and the nightmare of spreadsheets and gathering evidence regularly? Are audits for PCI, HIPAA or SOX taking up too much of your time? Here’s a new way to manage this problem.
Are you caught in a compliance spreadsheet nightmare? Regulatory compliance is mandatory, but the time, cost, and complexity associated with becoming compliant and maintaining compliance have increased and will continue to increase. Most organizations track compliance using spreadsheets, word processors or proprietary self-maintained software. This is inefficient, error-prone, costly, and a risk in itself. Streamline your audit compliance management with KnowBe4 Compliance Manager™ (KCM).
We all know that compliance is mainly a matter of “people and processes” and tools come second. But what if you could deploy a tool that would automate your people and processes problem? Up to now, these tools were only affordable for the Fortune 500, but KnowBe4 has developed KCM as Software as a Service. KCM consolidates your audit management and regulatory compliance tasks into simple automated workflows which prevent overlap and eliminate gaps. “By admins for admins”, whether you are responsible for PCI in a 50-user site, or an MSP managing dozens of companies and thousands of seats.
KCM introduces an abstraction layer that dramatically reduces duplicate efforts. Some immediate benefits you can realize by deploying KCM are:
Today, most organizations are required to follow some type of regulation. Almost all of us need to comply with PCI-DSS, but often that is combined with regulations such as HIPAA, GLBA, FISMA and/or Sarbanes-Oxley. Even if you are not required by law to comply with any regulations, you may be following an internal risk framework, internal policies & procedures, or an industry best practices framework such as NIST or ISO. Managing compliance for one regulation or framework is time-consuming. Having multiple regulations sometimes means you have to create an entire and expensive compliance department.
KCM effectively reduces the time you need to satisfy all of the requirements necessary to meet compliance goals, leading to significantly less time and money spent dealing with compliance and audits.
Using the built-in quick setup capability, KCM can have you on your way to (improved) compliance fast. Whether you need to comply with PCI, HIPAA, GLBA, or other regulations or frameworks, KnowBe4's Compliance Experts have (or can create) pre-built requirements templates for your regulations.
KnowBe4's experts create new templates as regulations change or are updated… there is no need for you to monitor confusing changes in regulations any more.
With the Controls Reduction Engine, KCM can reduce the total number of controls and requirements you need to satisfy down to one unique set. By reducing the total number of requirements, there is less risk of duplicating work and having gaps in compliance.
KCM gives you two ways of maintaining audit evidence and documentation. You can either upload files to be securely stored in the cloud, or provide a URL that links to an existing document or location of evidence files.
The Audit Evidence Vault (AEV) allows you to safely and securely store policies, procedures, and compliance/audit evidence for each of your controls and tasks. Having audit evidence readily available for auditors to review limits the amount of time an auditor needs to spend on-site, which would otherwise take valuable time away from your work day. The AEV can also act as a central repository for Policies and Procedures documents for your organization.
The KCM Compliance Calendar allows you to see upcoming requirement deadlines, controls that were not met, and tasks that are past due. With automated email reminders, you will always be notified ahead of time so that any gaps in compliance can be dealt with immediately, and your console shows visual controls turning red.
Directly Responsible Individual (DRI) methodology: KCM was designed with simplicity in mind. The more processes you can automate, the more time you save. Using the DRI methodology, you can assign a responsible individual to each control. This leaves no question as to which employee is responsible for maintaining compliance related to each control.
Datasheet: here is the content of this page in a 2-page PDF which is printer-friendly:
Manual: here is the KCM user manual in PDF format:
WhitePaper: Improving the Compliance Management Process - an Osterman Research Whitepaper.
You can test KCM for yourself, using the SANS Top 20 Controls loaded as an easy-to-follow template. This will give you a very quick idea of how to deploy this new tool.
Please fill out the form. One of KnowBe4's Compliance Experts will contact you for a web demo. Within 15 minutes you will know if it's going to work in your environment or not.