ISO27001, NIST 800-53, HITRUST, HIPAA... there are a lot of compliance frameworks to manage, and the list seems to keep growing. Managing multiple information security compliance programs does not have to be scary. You can manage one information security management program that satisfies multiple compliance frameworks -- you just need to know a few secrets to ensure you accommodate what an auditor is looking for, while at the same time obtaining help from others within the company to support the company's compliance journey.
This session shares ideas on how to streamline information security compliance in order to achieve certification/attestation/compliance efficiently, without having to manage a bunch of duplicated documentation that is specific to each framework.
Learning Objectives:
Create a plan to manage multiple information security compliance frameworks.
Understand how to get auditors/assessors what they need without having a bunch of duplicate documentation.
Partner with your stakeholders to provide the information and assistance needed to support the company's information security compliance efforts.