SOMAP.org

Security Officers Management & Analysis Project

Compliance Cartography

Because there are many different Authority Documents, a company can quickly become confused about which of these Authority Documents it has to comply with.

Before starting a risk assessment, you first need to define which Authority Documents you want or have to comply with. Since many of these documents overlap with other, similar documents, things can get complicated. The result is often that you try to comply with all of the objectives, which leads to suboptimal resource allocation.

This is where the Compliance Cartography helps. The Cartography defines which Authority Document can be aggregated with which other Authority Documents, eventually resulting in an aggregated set of unified requirements.


To use an analogy: the Compliance Cartography is the recipe, and the Compliance Aggregation is the process in which you aggregate your Authority Documents into your unique set of Controls.