In June 2015, the United States Office of Personnel Management (OPM) announced that it had been the target of an attack resulting in a data breach, and that the personnel records of up to four million people might have been compromised. The intrusion had persisted for many months, from 2014 until it was detected in 2015, and involved the theft of detailed security clearance and background investigation records for some of the US Government's most senior and sensitive personnel.
In a recent article, the Acting Director of the OPM, Kathleen McGettigan, cited 'audit fatigue' as a factor in the federal agency's security challenges, stating: "each time an engagement commences, OCIO (Office of the Chief Information Officer) is obligated to expend time and resources locating responsive documents…replying to multiple, sometimes overlapping duplicative audits".
McGettigan goes on to say: "We appreciate and understand the importance of these audits, but believe OCIO would benefit from an effort to achieve a more tailored, streamlined and coordinated approach from its various auditors".
In our experience this issue is not confined to government agencies. It is a challenge across all industries, affecting every company that is required to be compliant with multiple standards and regulations at once.
Reducing audit fatigue
At Sysnet Global Solutions, we have developed our Combined Assessment Model (CAM). This model combines measurement against multiple compliance standards into a single, efficient assessment exercise, recorded and reported in one place. Typical examples of the standards and regulations covered include, but are not limited to, PCI DSS, ISO 27001, Sarbanes-Oxley, HIPAA, Cyber Essentials and PoPI. CAM can also be tailored to individual client control and audit requirements.
Using our Combined Assessment Model minimises many of the challenges of complying with multiple standards and regulations, and brings a number of other benefits:
- Reduced costs – one assessment, measuring compliance with multiple standards
- Improved time efficiency – less repetition saves time
- Scalable and adaptable – add compliance mandates, standards and regulations as required
- Reduced complexity – a single control can be mapped once and satisfy requirements in several standards
- Awareness – gives your executive confidence in organisational governance
- Stability – a single view of control status against multiple standards keeps compliance easily trackable
- Control – CAM is one framework for managing all of your cyber risk governance
CAM enables businesses seeking compliance with multiple standards and regulations to work with one partner, with fees typically 35-50% lower than would be paid for multiple individual assessments.
To find out more about how Sysnet Cyber Risk Services can help your organisation comply with multiple standards and regulations, please email us or fill out the form below.