Preparing for and completing audits of frameworks and controls requires meticulous planning and execution. ControlMap has upgraded the audit experience in-app to further streamline the process and eliminate more tedious tasks from the to-do list with internal audits, jumpstart expansions, evidence exports, and updated vendor reports.
What’s new?
Internal Audits
MSPs and their clients can now perform an internal audit based on either frameworks or controls. Previously, audits were limited to third-parties, but we’ve provided the ability to perform this internally for a framework or a control set. This offers MSPs and their clients the following benefits:
- Complete a thorough self-assessment - MSPs are able to do a self-assessment to allow them to self-attest compliance for certain security standards such as CIS Controls, NIST Cybersecurity Framework (NIST CSF), and GDPR. The internal audit provides a thorough process to ensure no details are missed.
- Maximize audit readiness- Prior to a pricey third-party audit, MSPs and their clients are able to perform their own internal audit to benchmark their compliance status. They can identify security or areas for improvement and position themselves for success by addressing key issues before initiating the formal audit. Thorough preparation leads to a streamlined audit that saves the MSP time liaising with the auditor, as well as providing additional evidence or clarity around evidence and controls.
[Image pending import: https://lh7-us.googleusercontent.com/docsz/AD_4nXcKm4_9RNNvWWckTH9kWGuGODYm-gqS_4OOVaxMeVseNkwScRT5xzofWKiOH3t45OJZ3oT9t4yC61I-VpF1Jku06M-hzTIi3_9J_YqVCQnRWGmd5ekBP1ICOye1N0ZdZwvpmOMKDnwiYTa8BIp2?key=KdcwK7bejE0qbjiBtYhSFg]
Not every MSP or client requires a third-party audit based on the organization, vertical, and compliance goals. While compliance with a certain standard may be the goal for many businesses, all organizations strive to improve their security operations. An internal audit helps support organizations earlier in their compliance journey to strengthen their security posture by identifying potential gaps and addressing them.
The internal audit feature also allows MSPs and their clients to perform robust self-assessments to ensure they meet the required standards and guidelines of frameworks that rely on self-assessment. It documents evidence of assessment (or audit) history, risks, evidence, and more that can be referenced as required in their industry.
[Image pending import: https://lh7-us.googleusercontent.com/docsz/AD_4nXf59w8o86JkhQXxeUGMqJlwhYciELfnA4EBP_zfpgi00Nb4SliPg5XZ7W8ItPg12IYOAtxZ4WEYcpaAYq6sgxiIyPPveqv1D_US3tJHwR7gPXqxNz7f_vd9Pi_KnYDLW0c_6xwKbTMXQYvraG7PKkBNdsFG?key=KdcwK7bejE0qbjiBtYhSFg]
Cross-mapping and Jumpstart Expansion
Many organizations need to satisfy the compliance requirements across multiple frameworks. ControlMap helps streamline the process by cross-mapping frameworks to identify common items required for assessment. Jumpstarts…
- NYDFS → SOC 2, NIST CSF 2, CIS V8
- CIS v8 → ISO 27001 2022, CJIS
Evidence Export
For CMMC compliance audits, auditors require submission of all evidence of compliance. With a single click of a button, ControlMap users can export all evidence required by auditors including:
What you'll learn
- A logical folder structure that includes all files and metadata;
- A spreadsheet with a description of all evidence, including when it was created and by whom.
MSPs no longer have to cobble together and create an audit-friendly file & folder structure anymore - this is all automated to streamline the audit preparation process and remove friction from the audit itself. While developed particularly with CMMC in mind, the evidence export is useful across all compliance frameworks as it creates an evidence record that can be archived and accessed if required.
[Image pending import: https://lh7-us.googleusercontent.com/docsz/AD_4nXcBIWxGerqF62yqvHedA7W3eFrKHX1moKpt44I_vp7_h_uQGAzo3Pyh7Xy3sSZwvogTzocv2h5uqEwCogb8tRkp36MjrUOkrnAOLZbx76oh64jPwBY9RgfOr5cCCwRmtNl-0tfCkrr6rTXPj8DHIjezXy_n?key=KdcwK7bejE0qbjiBtYhSFg]
Vendor Reports
A key piece of compliance is tracking risks associated with vendors that have access to any sensitive information or data. Ad hoc export of vendor data had been possible, but ControlMap has now added the ability to schedule and save vendor reports. These reports are audit-ready making preparation for a third-party audit effortless – no more struggling to format excel sheets or word documents.
[Image pending import: https://lh7-us.googleusercontent.com/docsz/AD_4nXdO7dZUfWDouiKTOuF3hicTKML42HxlYmTZWEMtvptXJUDz-cXblMztpwk6nMcviGfIC9oMdfp-WImp40rjZN095258uupDGRRZ99VihIc975wyQ--4i4ubH7Ly2W9JpEDbAw6Qn2biSXPOZY-wK012g2h_?key=KdcwK7bejE0qbjiBtYhSFg]
Get started now.
Automation is the best friend of an MSP - it eliminates tedious manual work. With the latest enhancements to the audit experience, ControlMap can put hours back in your team’s day. Log in to ControlMap to start enjoying an enhanced audit experience.