Compliance follows a pattern:
(1) Learn what requirements apply;
(2) Learn where you currently stand
(3) Assess the distance between where you currently stand and the applicable requirements
This same simple and logical approach guided the design and implementation of an internal tool that US ProTech developed in-house in order to streamline how we process information when performing a NIST assessment for a customer. Since the mid-2000’s, US ProTech has made itself available to perform NIST-related assessments for customers with sector-specific compliance needs. Our online questionnaire can be assigned to a customer, taken remotely at their convenience, and provides Word-like text editor fields and question-specific file attachments to help efficiently document your company’s current standing as asked by each NIST question. At all times, a US ProTech governance, risk, and policy expert is on hand on the “other side” of the application questionnaire to answer your inquiries, provide guidance as to what each question is asking, and inform your company as to the most comprehensive way in which to ask a question.
The GRC app allows direct exports into a Security Systems Plan (SSP). Here, an SSP operates as internal blueprints for how technological implementations map to NIST-specific requirements. In other words, direct proof of your company’s ongoing compliance with legal and administrative requirements. We specifically built this export function because generating an SSP has historically been a labor-intensive, manual task that consumed the time of both our customers and our staff. By digitizing, simplifying, and streamlining how internal policy documents can be generated, maintained, updated, and instantly retrieved, US ProTech is on the cutting edge of modern and efficient approaches to ongoing governance, risk, and compliance management.
The GRC app not only allows you and your organization to define deadlines by date, time, and timezone, but automatically calculates and displays due dates 14, 30, 60, and 90 days in advance.
Furthermore, you can note that a compliance deadline is for a particular entity or individual (such as a federal agency, a statutory deadline, a private contract, or whatever you'd like to input).