RiskVision provides a common control framework out-of-the-box, allowing your organization to test once and comply with many different standards.
Managing compliance and risk analysis one regulation at a time can be cumbersome and expensive. Standard frameworks such as CoBIT, NIST, and ISO 17799/27001 help reduce the overhead required to develop and maintain custom controls. Recognizing that a significant number of specific control requirements are common across several frameworks - for example, CoBIT-4, NIST 800-53, and FFIEC share a number of controls - we recommend employing a common control framework to reduce cost and complexity and improve risk management effectiveness.
Using a common control framework, one assessment, rather than many, will suffice to certify against any number of regulations.
A common control framework supports:
Mapping of controls from 17799/27001, CoBIT, CoSo, NIST, FFIEC, and GAISP, among others, as well as custom-built controls to one common set of controls.
- Using the relationship between common controls based on the ISO standard and the corresponding regulation-specific controls to share control results for mapped controls, reducing the resources required to comply with, and track compliance with multiple regulations.
The Common Control Framework simplifies the process because controls only need to be tested once, and not for each framework. The Common Controls report lets you see a visual comparison of the controls employed in two or more standards.