Our Cloud-Based Compliance Solution can Create SSP’s

Did you ever imagine that you could automate and streamline the technology assessment process and output of a system security plan document for your organization? This can easily be accomplished by utilizing our cloud-based compliance solution K2 Compliance™.

  1. The first step is to create a new project. Inside of the project, you have your controls and what we refer to as tickets. A ticket captures defined actions or tasks that assist in resolving or addressing a matter of importance. This is where the assessment process for each control is stored and executed. Each ticket will link to a specific control summary which populates an output template, these come later on in the process.
  2. The information from each specific control drives the tasks inside of each ticket. The frameworks house both the controls and their respective templates, which in the end will merge to create the SSP.
  3. Additionally, tickets are also generated from shareholder input.  This process reverts back and forth from ticket to shareholder until the output is finalized as the video portrays with the example “X” and “Y” tickets.
  4. As an assessor, you may notice that the control for ticket “Z” is a common occurrence from a previous project experience.  If you take a closer look at the control, you can see that the particular technology and control has recently been assessed.
  5. K2 Compliance™ stores all existing project assessment information and allows assessors to incorporate this information during the SSP compilation process. As in this case, tickets “A” and “B” do not have similar information that can be used for tickets “X” and “Y”.  However, ticket Z’s information from the previous project can now be incorporated into the new project, thus reducing workload.
  6. Each of these completed control tickets can now be converted into published control summaries, which are then transferred over to the data store to compile the SSP.
  7. Remember the templates from step one? They are housed within the frameworks themselves and merge with the published control summaries from the data store to format the final output of the final SSP document.

From a bird’s eye view of the entire process — we start with a new project, select the framework and specific controls we want to include, review any previously completed control assessments to eliminate duplicate work, complete all newly required control assessments, review and approve all control summaries and generate the completed SSP.

K2 Compliance™ is a cloud-based compliance solution that allows for you to enhance productivity and improve processes by tracking, auditing, and guiding compliance efforts in the cloud. To see this process visually, click play on the video above.

Matt Moneypenny