Every day we deal with standards and practices such as Sarbanes-Oxley (SOX), HIPAA, COSO, COBIT, NASD/NYSE, Basel II, OECD Principles, ASX 10, etc. The universe of standards that Managers must bear in mind seems to grow more complex by the day, and the negative consequences of non-compliance are increasingly intolerable. As a Manager, are you aware of the legal risks you are exposed to through non-compliance with the standards currently in force?
What is compliance?
We can define compliance, or conformity, as the actions an organization undertakes to ensure adherence to standards, regulations and policies. Note that this also implies that such adherence can be demonstrated.
Stakeholders' growing loss of trust has given rise to numerous regulations that interact with, and sometimes even overlap, one another. Regulations seek to assure stakeholders that organizations are playing by known rules of the game.
Compliance Software
It is clear that compliance with policies and standards is not sustainable without an automated solution to manage the documentation and processes needed to achieve it, including tasks related to assessing and rolling out TAACs' controls and event logs. Nowadays many auditors use MS Office (e.g., Word questionnaires), but they know this is not enough in terms of reusability and security.
Some compliance software solutions can be classified as:
Software aimed at automating the auditing process based on the COSO Framework:
- They include process definition, the risks associated with each process, the controls required to mitigate those risks, validation tests to ensure that the controls are effective, and the new control measures needed to ensure full compliance.
DATASEC's Solution: Meycor COSO AG
Other types of compliance software automate manual tasks and generate audit trails, including:
- Document Management
- Event Management
- Contract Management (maturities, responsible parties, flows)
- Client & Supplier Collaboration Portal
DATASEC's Solution: Meycor KP
Let's see an example of a regulation that needs to be enforced by certain organizations:
PCI Cardholder Information Security Program
Cardholder information security is now more of a necessity than ever. Companies that have no plan to achieve compliance, or that produce misleading compliance reports, are not viewed favorably and may be subject to more severe penalties.
This program includes:
- A detailed assessment program (202 detailed standards)
- A self-assessment program (approximately 78 standards)
The program covers for example issues such as:
- Establishing policies that address information security.
- Implementing a formal information security awareness program.
DATASEC's Solution: You can use Meycor CSA to include the corresponding questionnaires, gather evidence on the reliability of the answers, and identify the areas that need strengthening.
Our Philosophy
Software tools are an essential part of Compliance Management. However, our proposal focuses on a comprehensive approach that includes the development and tuning of processes and content, training, and, if required, staff coaching for Compliance Management.