Compliance Management

Compliance is all about adhering to the rules. The rules may be externally mandated, such as laws and industry-specific requirements, or self-imposed, such as internally created or externally selected standards.

Compliance Management requires that you understand what rules you need to adhere to and then confirm that you are adhering to them. It is the process by which you plan, organise, monitor and lead activities that give you assurance of your level of compliance.

The level of compliance is unique to an organisation. You may not need to be fully compliant with a standard when partial compliance meets your unique needs and risk appetite.

Our experts can help you understand your compliance requirements and work with you to achieve the level of compliance required.

Compliance options that suit your specific requirements

At SSS we have a range of services supporting your compliance management needs which will be tailored depending on where you are on your security journey.

Want to know more? 

Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our Compliance Management solutions.

Solutions

  • Controls Catalogue as a Service (CCaaS)

    The Controls Catalogue as a Service (CCaaS) empowers you with the platform and expertise required to help manage your control compliance life cycle.

    By having a single repository for all of your compliance information, you can more efficiently track control assessment information, undertake compliance activities, and better understand and mitigate your gaps.

    Save time and cost through efficiencies

    Having your assessment information stored centrally makes it easy to call on and use in the future.

    CCaaS enables you to quickly reduce the time needed to evaluate the security of a new system.

    Keep on top of your compliance activities

    The SSS CCaaS provides you with sufficient visibility to ensure that control reassessments are conducted on time and you don't fall out of compliance. You have the ability to assign control owners and track compliance activities. 

    Consistent Approach

    With the SSS CCaaS you can have a single and consistent approach to your compliance activities. That means you no longer have the issue where different systems and controls are assessed using different approaches, recreating content that may have been produced in previous assessments.

    Visibility

    CCaaS provides an ongoing view of your compliance level against your selected controls framework, as well as easy access to any stored compliance artefacts and evidence against relevant controls.

    Benefits at a glance

    • A single integrated view for controls, assets, assessment detail, owners, and timeframes
    • The ability to schedule and alert on compliance deadlines
    • A holistic view of your status against your specific compliance requirement
    • A viewpoint of each control and its status based on the most recent assessment of the control
    • Auditability and traceability of changes to compliance and the impacts of this through dashboards

    Want to know more?

    If you want to know more about the service, or get a no-obligation quote, email sales@sss.co.nz or contact +64 4 917 6670.

    Key Features

    Tailor the service to suit your requirements.

    Included in base service

    • Cloud-based platform and support
    • Control compliance life cycle management
    • Alerting / notifications

    Service features available as optional service uplift

    • Maintain controls
    • Develop and configure new custom controls
    • Initiate controls validation plans and controls assessment
    • Certification and Accreditation (C&A) services
    • Controls assessment services
    • Additional controls framework
  • Cyber Security Framework and Policies

    A cyber security framework is crucial to effective governance within this area of your business. It enables you to intelligently manage your cyber risk in line with your overall business risk appetite. A cornerstone of your framework is a set of policies that set out the principles for cyber security efforts within your organisation. They should clearly define the rules you expect to be adhered to so that risk is managed appropriately.

    Want to know more?

    Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our Cyber Security Framework and Policies.

    How we can help

    We help you select an overarching cyber security framework that meets the unique requirements of your organisation, or develop a bespoke framework if required.

    We then help you develop policies that reflect both your operational needs and your risk appetite.

    We recommend an annual review of your framework and policies as your risk profile, the threat environment, and technology change regularly. 

    Benefits to your organisation

    This service ensures that your cyber security framework enables your business to operate your way, safely. 

    • Tailored to your organisation
    • Identify and document your cyber security goals
    • Guidance on how to achieve these goals.

    How we deliver your framework and policies

    We tailor an approach to best suit your needs. This may include the following:

    • Reviewing your existing framework and policies - and whether these are relevant and living, or gathering dust
    • Developing an overarching governance policy
    • Developing a policy set for you that enables your business to operate safely

    We can base policies on existing frameworks such as:

    • CIS-20
    • ISO 27001
    • HISF
    • NZISM
    • SANS
    • COBIT
    • PCI-DSS
  • Security Certification Readiness Assessment

    Government entities are often required to certify (and re-certify) a system's cyber security posture as part of an assessment and authorisation process.

    Similarly, commercial entities may be required by their customers or partners to demonstrate a level of cyber maturity by becoming certified.

    To increase the likelihood of a successful outcome, the entity seeking authorisation of their system should first perform a certification readiness assessment.

    A security certification readiness assessment provides greater knowledge and understanding of your system's cyber security posture before entering into the certification phase of the authorisation process.

    Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our Security Certification Readiness Assessments.

    Benefits to your organisation

    Performing a security certification readiness assessment provides your organisation with:

    • knowledge of cyber security shortcomings to enable proactive and timely remediation
    • the ability to focus on implementing changes to increase the likelihood of achieving authorisation.

    How we deliver a certification readiness assessment

    By testing your system before the official certification assessment, we can identify areas of concern within the assessor's planned security control set.

    We can work with you to prioritise findings for remediation, develop mitigation strategies, and create mitigation statements.

    Typical activities

    • Assessing the system against the designated security control set.
    • Providing input on which findings should be prioritised for remediation or mitigation.
    • Providing mitigation statements that clearly explain why a finding has a lower risk than might be initially assumed by the assessor.

     

  • Security Gap Analysis

    Often business managers and technical teams do not have a clear understanding of what is required to protect both the business and its information assets in an increasingly connected operational environment.

    It is essential in modern business practice to gain a clear and concise understanding of what your critical information assets are, where they are stored, and how they are protected.

    We provide an overview of your organisation’s security maturity or posture, bringing to light the ‘unknown unknowns’.

    Want to know more?

    Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our Security Gap Analysis service.

    Benefits to your organisation

    This service provides an overview of your organisation’s security maturity or posture. This provides:

    • a baseline providing insight into your current security posture
    • a remediation plan helping you to better secure your systems
    • a measurement of how well your technical and non-technical controls implement the full scope of your cybersecurity framework
    • an understanding of how well your organisation integrates security into your business planning.

    How we deliver a gap analysis

    An independent assessment of your current cyber security state which includes the following:

    • Identifying your information assets and ownership
    • Conducting a gap analysis against your chosen standard or framework
    • Providing recommendations for remediation work to address identified gaps
    • Producing a full gap analysis review, including a summary report that can be consumed and understood at the Executive level and detailed findings for technical personnel
    • Aiding delivery of the findings to senior management

    Standards and frameworks

    We can base the gap analysis on standards or frameworks including:

    • CIS-20,
    • ISO 27001,
    • HISF,
    • NZISM,
    • SANS,
    • COBIT, and
    • PCI-DSS.

    We can also help you select a framework appropriate for your organisation. 

  • Cybersecurity Gap Analysis and Roadmap

    Business managers and technical teams do not always have a clear understanding of what is required to protect both the business and its information assets in an increasingly connected operational environment.

    The SSS Cybersecurity Gap Analysis and Roadmap (CGAaR) empowers you with an objective view of your current level of cybersecurity maturity and a pragmatic roadmap to help you raise the bar. Gain an understanding of your compliance level with the controls from the standard of your choice so you can focus your resources where it matters most.

    What do you get?

    • A baseline providing insight into your current cybersecurity maturity as measured against an industry recognised cybersecurity controls framework.
    • Detailed information where a control has been assessed as either "Partially Compliant" or "Non-Compliant", including the impact.
    • A remediation roadmap helping you to improve your cybersecurity maturity.
    • A measurement of how well your technical and non-technical controls support your journey toward full compliance with your chosen cybersecurity controls framework.

    How do we work?

    We provide an independent assessment of your current cybersecurity state. This includes the following:

    • We conduct a gap analysis determining the shortfalls between your current state and your chosen cybersecurity controls framework. We can also help you select an appropriate framework for your organisation.
    • We provide prioritised recommendations for remediation to address identified gaps.
    • We produce a full gap analysis review with detailed findings for technical staff, as well as a summary report specifically for an executive level audience.

    Service uplifts are available.

    For a longer commitment, we also provide you with access to our cloud-based tool so you can review the most recent assessment data in real-time.

    Some of the frameworks we can use include:

    • ISO27k
    • CIS-v8
    • NIST
    • NZISM
    • CERT Top 10
    • ASD Essential 8
    • CRR
    • HISF
    • COBIT
    • PCI-DSS
    • Or any other controls framework you might require.

    Want to know more?

    Contact us on +64 4 917-6670 or email us at sales@sss.co.nz to arrange a no-obligation chat or a demo to see if the SSS CGAaR is right for you! We pronounce it "See - gar".