The security of your data – and that of your customers – poses arguably the biggest risk to businesses today, and is, therefore, the most critical compliance initiative that your company will undertake. The stakes are high and the regulatory requirements can be vast. And as more companies outsource tasks and utilize cloud services and infrastructure, the ability to control all of the aspects of data security becomes more difficult.
With all of the risk and complexity inherent in data security, the technology that you use to keep track of your compliance efforts should be simple.
policyIQ serves as a great case study for policyIQ!
The policyIQ application has clients around the world who rely on the software, the team that supports the software, and the infrastructure on which the software resides to keep their data safe. And the security compliance program for policyIQ involves many of the same complexities that our clients are managing:
- Risk inherent in the storage of our own data, and even more critically in the management of our clients’ data
- Distributed responsibility for critical aspects of IT security
  - RGP, our corporate parent, is responsible for things like employee background checks and HR functions.
  - We utilize Amazon Web Services (AWS) as our hosting partner, and rely on their IT security program to provide physical and environmental security for our data center.
- Multiple IT and data security requirements, including…
  - SOC 2
To keep our own commitments to data security, we utilize policyIQ to capture our IT policies, controls, action items, and audit trails.
With our own implementation of policyIQ, we are able to follow the SOC 2 framework and link our controls to the related requirements. Controls are designated as being performed by our policyIQ division, RGP Corporate, or our AWS partner, allowing any team member to more quickly reach the right resource with questions or clarifications.
When it comes time for an external security audit, we can prepare evidence in advance of the on-site audit, pull out policy documents to meet the audit requests, and document any follow-ups or recommended action items provided by our auditors to further enhance our security program.
Join us on Monday, July 8th at 1 PM ET / 10 AM PT for our CPE event on IT Security Compliance in policyIQ, where we’ll dig deeper into policyIQ as a case study for policyIQ – and take a look at other frameworks and resources that your organization might utilize for your security compliance!
And look for more blog posts through the month of July that highlight IT and data security compliance in policyIQ.