Cyber GRC Ideas Portal

[Velocity] Support Contract Compliance for typical IT elements of contracts

IT Compliance teams have to put controls in place and provide compliance reports for controls and SLAs.


This can be fairly easily supported by combining

1) Control Self-Assessments or Tests with

2) SLA Metrics


What is missing is the appropriate reporting that combines both elements. Specifically, we need a report that lists on a monthly basis the status of each control (with evidence) and the SLA Metrics.

For example,

a) Control: if a contract prescribes that all personnel on a customer project have to have a given level of background checks, the corresponding control would list any new staff and attach the appropriate background check documentation as evidence

b) SLA Metric: if the contract prescribes ticket resolution times of 24h, the metric would list the threshold and actual performance (based on manual input or integration with a ticketing system)

