Regulations are streaming out of governments nonstop. Since 1981, the US federal government alone has introduced 114,000 new rules and regulations that affect business. In fact, the Cato Institute reported that the regulatory impact on the US economy alone was approaching $1 trillion annually.
Source: Forrester, 2006
Under pressure from regulations, competition, legal liability, and corporate governance, organizations build risk management programs and processes that encompass operational risks as well as traditional financial risks. The responsibility for risk and compliance has traditionally been scattered across legal, finance, IT, and business operations. With myriad risk and compliance initiatives to manage, this burden has become a widespread business problem that touches nearly every aspect of the organization.
A security professional sees risk as a threat or hazard, while a business or finance manager sees an opportunity/benefit side to risk. Some professionals focus on quantitative risk assessment, while others focus on qualitative risk assessment. In either case, you need to start by understanding your risk. The typical approach to understanding risk is through an audit from an outside party, and most organizations are subject to numerous audits per year. Solutionary enables organizations to understand security compliance risk with SecurCompass®, our web-based application that measures your current level of regulatory compliance against one or all of the leading standards and regulations: ISO, PCI, SOX, CobiT, and HIPAA.
SecurCompass queries your subject-matter experts about your processes and controls for seven categories and 46 sub-categories of security. The results are represented in more than 60 reports for management and technical resources, showing your organization where you are and where you are not currently compliant with industry standards and regulations. Many organizations perform these assessments proactively, regardless of mandates or governance, and use the information to differentiate themselves from their competition: security and privacy are important to consumers. With SecurCompass, you can know with confidence how secure and private your sensitive data really is.
Aren't required or don't have time to assess your compliance against multiple regulations and standards? With SecurCompass assessment and compliance measurements, you choose what is right for you:
- SecurCompass scales to allow all 554 standards-based issues to be answered for an enterprise risk profile, or a subset of the issues to be answered for one-time assessment of any single area of your most immediate concern.
- Solutionary offers a one-to-many model: compliance questions are asked once and cover ALL the security issues of ISO, HIPAA, PCI, CobiT and SOX. This dramatically reduces cost to the organization both in precious resource time as well as dollars. The process is very effective for pre-audit preparation.
- No need to answer the same questions each time a different team comes through for a single audit. Solutionary has automated the audit questions that are common to key standards and regulations so resource time is minimized.
- SecurCompass is repeatable, so you can assess quickly to baseline your level of security as it stands today, move immediately into remediation efforts to correct identified deficiencies, and re-assess the impact of the changes to your environment.
- No need to complete complex and unfamiliar audit forms. SecurCompass compliance reports for ISO, PCI, SOX, CobiT and HIPAA are produced in audit-ready format.
Solutionary helps organizations establish a proactive and comprehensive approach to regulatory compliance that is based on reasonably anticipated risks as opposed to piecemeal approaches that address regulation line item by line item.
SecurCompass is repeatable, faster, better and less expensive than other approaches. It has been used to help over 1,000 organizations in industries throughout the country design, implement and manage more effective security programs. Unlike traditional approaches, SecurCompass empowers executive management to make solid business decisions based on meaningful, useable, and comparative information produced through SecurCompass assessment and compliance measurement and to align the resulting security system with the organization's overall objectives.
At Solutionary, we make security manageable.