CRISAM Compliance References

Compliance references are standards, norms, regulations and best practices. Companies align themselves with these references either voluntarily or because they are legally obliged to. Compliance with these references is also necessary for companies that undergo external audits. Very often, compliance must be demonstrated against more than one reference at a time. IT is, for instance, measured, audited and tested according to ISO 27001, ISO 20000, COBIT, SOX, laws and directives regarding data protection, and other applicable laws. In specific industries, supplementary references need to be included.

In order to provide evidence of compliance with these references in a timely and economical manner, CRISAM® uses its content libraries. The significant advantage of this approach is that no additional checking questions specific to the relevant compliance references need to be answered. CRISAM® automatically ensures alignment with the supported compliance references by using cyclically updated mappings, which contain the relevant information concerning each specific reference. The degree of compliance with these references is communicated through reports and through KPIs on the dashboard.

CRISAM® out-of-the-box support is currently available for the following references:

  • ISO 27002
  • ISO 27019
  • ISO 20000
  • ISO 80001-1
  • ISO 9001
  • ISO 15224
  • EN 50600
  • BSI IT Grundschutz Methodology
  • ISAE 3402
  • Euro Cloud
  • COBIT
  • COSO
  • SOX
  • BDEW
  • BSI 100-2
  • BSI 100-4
  • Various legal matters
  • PCI-DSS

CRISAM® support is continually being extended and evolving in response to new standards, specific customer requirements and updates to the content libraries.