Policy Compliance

Ensuring compliance with company policies and standard constraints is a process that safeguards the operability, the image and the legal integrity of the company. Once again, the activity cannot be limited to implementing an automated collection and reporting structure (which most vendors regard as simple); it must also include very complex operations:

  • Analysis of the context against the reference standard, through the definition of a gap;
  • Alignment of organizational structures and processes with the requirements imposed by the standard;
  • Periodic checks for constant monitoring and compliance assurance;
  • Suggestion of corrective actions aimed at reaching defined thresholds;
  • Release of technical and management reports.

Once the policy has been defined by a set of rules, it will be necessary to customize the approach and carry out the activities that make up Compliance Management for the specific situation. An example list of those activities helps to show the competences required.

  • Software development and modification
  • Supplier security requirements
  • Definition of necessary resources
  • Protection from malicious software
  • Event logging
  • Network protection
  • Privilege management
  • Identification and authentication
  • Session time-out
  • Critical service isolation
  • System clock synchronization
  • Data validation
  • Cryptography
  • Source code protection
  • System security verifications.

Why us?

Ensuring compliance with company policies and standard constraints is a process that safeguards the operability, the image and the legal integrity of the company.