IT Risk Management - Simple. Powerful. Refined.

Your business couldn’t succeed without proper management and planning. You’ve probably already put IT policies and procedures in place to establish operational best practices and secure your environment. The question is: how do your internally developed IT policies compare to formal IT governance frameworks?

Comparing your policies to established frameworks offers several advantages. It allows you to identify potential risks that were overlooked as you sought to align your risk landscape with your business objectives. It provides an opportunity to consider new approaches that may reduce costs and increase efficiency. The comparison also offers an objective look back at your IT policies that can help you integrate your IT best practices with your business goals.

Upload your IT security policy and select a standard for comparison. Our engine supports comparison against the following standards:

  • ISO 27001
  • ISO 27002
  • NIST

When selecting your policy, please consider the following differences in policies, procedures, standards, and guidelines as defined by scGRC.com’s governance engine.

Policy

A policy is a high-level document that defines the management-approved strategies to mitigate specific risks related to specific technologies and/or IT processes. Policies tend to be fairly brief and focus on guiding principles (i.e. the "why") rather than on technical or process details (i.e. the "how"). The purpose of policies is to guide present and future decisions so that they are in agreement with business goals and objectives. Policies are not procedures (although many policies have a procedures section), standards, guidelines or best practices. These other, more detailed documents flow from and support policies.

Procedure

Procedures (like standards) support policy by further describing specific implementation details (i.e. the "how"). A procedure can be thought of as an extension of a policy that articulates the process to be used in carrying out the policy. A procedure may describe a series of steps, or how to use standards and guidelines to achieve the goals of a policy. Procedures, along with standards, promote a consistent approach to following policy. Procedures make policies more practically meaningful and effective. Procedures overlap with standards, although procedures tend to be more process-oriented while standards tend to be more focused on requirements or specifications.

Standard

Standards (like procedures) support policy by further describing specific implementation details (i.e. the "how"). A standard can be thought of as an extension of policy that articulates the rules, mechanisms, technical or procedural requirements or specifications to be used in carrying out policy. Standards, along with procedures, promote a consistent approach to following policy. Standards make policies more practically meaningful and effective. Standards are definitional and clarifying in nature, specifying the minimums necessary to meet policy objectives.

Guideline

Guidelines consist of one or more general statements or recommendations detailing procedural or technology approaches to following or implementing policy. In contrast to procedures and standards, guidelines are not requirements to be met, although they are strongly recommended.

Rapid results – Compare your policies to internationally recognized standards in a fraction of the time it would take manually or with other tools.

Instant value – Our detailed reports include suggestions on how you can improve your policies.

Refined interface – We’ve designed our tools to be simple and powerful. You don’t need to be an expert or invest a lot of time to get expert results.

Contact us for detailed information about any of our tools and information about our subscription or partnership plans.

Request a free demo and see how our tools can benefit your business.
