Compliance management is never as simple as it ought to be. Because every organization is unique, no organization fits neatly into the mold of PCI DSS — or any other compliance framework.

If you have multiple locations, multiple firewalls, or multiple operating systems, you have multiple headaches to deal with. You have to gather multiple groups of evidence to satisfy individual controls, making your work more complex and more cumbersome.

But TCT Portal gives you a way to alleviate that pain and gain efficiencies to streamline your compliance management.

Are You Capturing Multiple Groups of Evidence?

There are various reasons that you may need to capture multiple groups of evidence for the same control. For example:

  • You have multiple physical locations
  • Different areas within your organization have their own inventories
  • You use multiple operating systems throughout your organization
  • You have multiple cloud vendors 
  • You have different types of firewalls across your in-scope environment

Most companies have some kind of situation that requires tracking multiple sub-elements of a particular requirement. And usually, it isn’t just one requirement — if you’re doing this for one requirement, you’re likely doing it across many of your controls.

You might have multiple firewalls within your environment — for example, Cisco, Fortinet, and Palo Alto firewalls. For every line item that has to do with firewalls, you need to provide evidence for all of your firewalls.

If you have multiple inventories under disparate groups, every line item related to inventories must include evidence for all of your inventories. 

TCT currently has several clients with multiple physical locations. For these companies, physical security requirements need to be validated for each individual location. 

The Painful Challenges of Multiple Sub-elements

When you have to collect multiple groups of evidence, and you’re using either a manual or semi-manual process for compliance tracking, it forces you to monitor multiple sub-elements of each requirement — making tracking unbelievably complicated. 

If you have locations spread across four different states, you likely have at least four individuals who are responsible for gathering evidence. The challenge is to coordinate how those individuals will gather evidence and attach it to a single line item. Each person needs to remember not to send their evidence up the workflow until everyone else has done their piece as well.

It’s not unusual for someone to attach their evidence and move it up the workflow prematurely. It’s also common for the last person to forget to move it up. And that’s just for one line item. This scenario gets played out countless times for every compliance standard you’re subject to. 

Determining your engagement status means painful review of each individual line item. The only way you can tell if each person has submitted their evidence is to open and inspect each of the individual submissions, one at a time. Then you have to hunt down the missing evidence until it’s submitted. 

Throughout the engagement, you’re continually going back in to check those line items, and each time you have to open up the evidence all over again. And you have to repeat that for every line item that requires multiple submissions of evidence.

Adding to the complexity are your Assessors’ processes. Different Assessors have different approaches to handling this scenario. If you have two or more Assessors for multiple certifications, you have to shift back and forth between their different procedures.

Compliance Management Doesn’t Have to Suck

Over the years, your company has gradually added multiple environments as your business has expanded or added new capabilities. At first, it wasn’t a big deal and you could easily gather multiple sets of evidence for the same control. 

Now, the complexity is slowing you down, creating confusion, and making your compliance management suck more than it should. 

Many companies don’t notice the incrementally growing inefficiencies or the workarounds that have slowly been added to the complexity of their engagement. Perhaps you’re so used to it that you think this is simply the way compliance management is. You’ve grown accustomed to the pain and the toil.

If you’ve been telling yourself that that’s just how compliance management works, it isn’t. At TCT, we believe that compliance management doesn’t have to suck. And we created TCT Portal to prove it.

Requirement Splitting Streamlines Your Compliance Process

Compliance management doesn’t have to be that complicated. Tracking requirements doesn’t have to suck.

TCT’s compliance management software provides an integrated capability called Requirement Splitting. Requirement Splitting allows you to subdivide specific controls so that each grouping of evidence has its own designated space. 

In TCT Portal, you can define the type of split you want to create. When you create the split, identify each split by name. For example, if you have locations in four states, the split type could be defined as Locations, and the individual entries could be Illinois, Michigan, Ohio, and Pennsylvania. 

TCT Portal makes it quick and easy to apply the split to every requirement that needs multiple collections of evidence. Those sub-elements are included in the workflow and they will roll up into the original requirement.

Next, assign specific individuals to those particular sub-elements so they can each provision their evidence. As each person completes their task, they can submit their evidence up through the workflow without disrupting the workflow of the other individuals. Each sub-element is treated separately from the others.

There are no limitations to the various types of splits that your organization can leverage for your engagement. Since every company is different, your organization can define the splits in a manner that makes sense to you, customized for your own individual circumstances.

Streamline Your Compliance Tracking

With TCT’s requirement splitting capabilities, tracking becomes transparent and lightning fast. Know exactly what each requirement’s status is at a glance. You can get a full understanding of the entire compliance engagement in just 10 or 15 minutes — and without the need to chase people down for hours to get updates.

Do your work simultaneously or asynchronously — there’s no need to coordinate your tasks.

Do you have multiple certifications to comply with? TCT Portal’s live linking capabilities automatically import the requirement splitting configurations from your primary certification to all the others. There’s no need to duplicate your efforts — all of your splits are maintained with integrity to the other certifications.

TCT Portal’s requirement splitting makes your life immeasurably easier. Why continue suffering through the headaches and toil when you can streamline compliance management?
