SOMAP.org

Security Officers Management & Analysis Project

Compliance Aggregation

Nowadays companies need to consider many different standards, regulations and other requirements (Authority Documents). Among these requirements are SOX, Basel II, ISO 27001, Grundschutz, PCI and others. Many tools and risk assessment workflows do not address this compliance aggregation issue but focus on only one of these requirements.


As a result, custodians trying to protect their assets have a hard time finding out which regulations and requirements they need to consider. While custodians often do not have a security background (and need not have one), they are left alone in finding, tagging, understanding and interpreting the requirements and policies that apply to their assets.

We at SOMAP.org strongly believe in the need to account for all of these different requirements. We think there is a need to aggregate all requirements and to map these aggregated requirements to asset types. This allows a custodian to quickly identify the requirements for his assets without having to read and interpret many different standards and regulations.

Our projects take these considerations into account. Please see the respective projects' websites for further details.