Compliance Management

The Controls Catalogue as a Service (CCaaS) empowers you with the platform and expertise required to help manage your control compliance life cycle.

By having a single repository for all of your compliance information, you can more efficiently track control assessment information, undertake compliance activities, and better understand and mitigate your gaps.

Save time and cost through efficiencies

Having your assessment information stored centrally makes it easy to call on and use in the future.

CCaaS enables you to quickly reduce the time needed to evaluate the security of a new system.

Keep on top of your compliance activities

The SSS CCaaS provides you with sufficient visibility to ensure that control reassessments are conducted on time and you don't fall out of compliance. You have the ability to assign control owners and track compliance activities. 

Consistent Approach

With the SSS CCaaS you can have a single and consistent approach to your compliance activities. That means you no longer have the issue where different systems and controls are assessed using different approaches and recreating content that may have been produced in previous assessments. 

Visibility

CCaaS provides an ongoing view of your compliance level against your selected controls framework, as well as easy access to any stored compliance artefacts and evidence against relevant controls.

Benefits at a glance

• A single integrated view for controls, assets, assessment detail, owners, and timeframes
• The ability to schedule and alert on compliance deadlines
• A holistic view of your status against your specific compliance requirement
• A viewpoint of each control and its status based on the most recent assessment of the control
• Audibility and traceability of changes to compliance and the impacts of this through dashboards

Want to know more?

If you want to know more about the service, or get a no-obligation quote, email sales@sss.co.nz or contact +64 4 917 6670.

Key Features

Tailor the service to suit your requirements.

Included in base service

• Cloud-based platform and support
• Control compliance life cycle management
• Alerting / notifications

Service features available as optional service uplift

• Maintain controls
• Develop and configure new custom controls
• Initiate controls validation plans and controls assessment
• Certification and Accreditation (C&A) services
• Controls assessment services
• Additional controls framework

A cyber security framework is crucial to effective governance within this area of your business. It enables you to intelligently manage your cyber risk in line with your overall business risk appetite. A cornerstone of your framework is a set of policies that set out the principles for cyber security efforts within your organisation. They should clearly define the rules you expect to be adhered to so that risk is managed appropriately.

Want to know more?

Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our Cyber Security Framework and Policies.

How we can help

We help you select an overarching cyber security framework that meets the unique requirements of your organisation, or develop a bespoke framework if required.

We then help you develop policies that reflect both your operational needs and your risk appetite.

We recommend an annual review of your framework and policies as your risk profile, the threat environment, and technology change regularly.

Benefits to your organisation

This service ensures that your cyber security framework enables your business to operate your way, safely. 

• Tailored to your organisation
• Identify and document your cyber security goals
• Guidance on how to achieve these goals.

How we deliver your framework and policies

We tailor an approach to best suit your needs. This may include the following:

• Reviewing your existing framework and policies - and whether these are relevant and living, or gathering dust
• Developing an overarching governance policy
• Developing a policy set for you that enables your business to operate safely

We can base policies on existing frameworks such as:

• CIS-20
• ISO 27001
• HISF
• NZISM
• SANS
• COBIT
• PCI-DSS 

Government entities are often required to certify (and re-certify) a system's cyber security posture as part of an assessment and authorisation process.

Similarly, commercial entities may be required by their customers or partners to demonstrate a level of cyber maturity by becoming certified.

To increase the likelihood of a successful outcome, the entity seeking authorisation of their system should first perform a certification readiness assessment.

A security certification readiness assessment provides greater knowledge and understanding of your system's cyber security posture before entering into the certification phase of the authorisation process.

Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our Security Certification Readiness Assessments.

Benefits to your organisation

Performing a security certification readiness assessment provides your organisation with:

• knowledge of cyber security shortcomings to enable proactive and timely remediation
• the ability to focus on implementing changes to increase the likelihood of achieving authorisation.

How we deliver a certification readiness assessment

By testing your system before the official certification assessment, we can identify areas of concern within the assessor's planned security control set.

We can work with you to prioritise findings for remediation, develop mitigation strategies, and create mitigation statements.

Typical activities

• Assessing the system against the designated security control set.
• Providing input on which findings should be prioritised for remediation or mitigation.
• Providing mitigation statements that clearly explain why a finding has a lower risk than might be initially assumed by the assessor.

Often business managers and technical teams do not have a clear understanding of what is required to protect both the business and its information assets in an increasingly connected operational environment.

It is essential in modern business practice to gain a clear and concise understanding of what your critical information assets are, where they are stored and, how they are protected.

We provide an overview of your organisation’s security maturity or posture, bringing to light the ‘unknown unknowns’.

Want to know more?

Contact us on 04 917 6670 or sales@sss.co.nz if you would like to know more about our Security Gap Analysis service.

Benefits to your organisation

This service provides an overview of your organisation’s security maturity or posture. This provides:

• a baseline providing insight into your current security posture
• a remediation plan helping you to better secure your systems
• a measurement of how well your technical and non-technical controls implement the full scope of your cybersecurity framework
• an understanding of how well your organisation integrates security into your business planning.

How we deliver a gap analysis

An independent assessment of your current cyber security state which includes the following:

• Identifying your information assets and ownership
• Conducting a gap analysis against your chosen standard or framework
• Providing recommendations for remediation work to address identified gaps
• Producing a full gap analysis review, including summary report that can be consumed and understood at the Executive level, detailed findings for technical personnel
• Aiding delivery of the findings to senior management

Standards and frameworks

We can base the gap analysis on standards or frameworks including:

• CIS-20,
• ISO 27001,
• HISF,
• NZISM,
• SANS,
• COBIT, and
• PCI-DSS.

We can also help you select a framework appropriate for your organisation. 

Business managers and technical teams do not always have a clear understanding of what is required to protect both the business and its information assets in an increasingly connected operational environment.

The SSS Cybersecurity Gap Analysis and Roadmap (CGAaR) empowers you with an objective view of your current level of cybersecurity maturity and a pragmatic roadmap to help you raise the bar. Gain an understanding of your compliance level with the controls from the standard of your choice so you can focus your resources where it matters most.

What do you get?

• A baseline providing insight into your current cybersecurity maturity as measured against an industry recognised cybersecurity controls framework.
• Detailed information where a control has been assessed as either "Partially Compliant" or "Non-Compliant", including the impact.
• A remediation roadmap helping you to improve your cybersecurity maturity.
• A measurement of how well your technical and non-technical controls support your journey toward full compliance with your chosen cybersecurity controls framework.

How do we work?

We provide an independent assessment of your current cybersecurity state. This includes the following:

We conduct a gap analysis determining the shortfalls between your current state and your chosen cybersecurity controls framework. We can also help you select an appropriate framework for your organisation.
We provide prioritised recommendations for remediation to address identified gaps.
We produce a full gap analysis review with detailed findings for technical staff, as well as a summary report specifically for an executive level audience.

Service uplifts are available.

For a longer commitment, we also provide you with access to our cloud-based tool so you can review the most recent assessment data in real-time.

Some of the frameworks we can use include:

• ISO27k
• CIS-v8
• NIST
• NZISM
• CERT Top 10
• ASD Essential 8
• CRR
• HISF
• COBIT
• PCI-DSS
• Or any other controls framework you might require.

Want to know more?

Contact us on +64 4 917-6670 or email us at sales@sss.co.nz  to arrange a no-obligation chat or a demo to see if the SSS CGAaR is right for you! We pronounce it "See - gar".