Compliance-Management

In the QSEC® Compliance Management module, the norms, laws and individual requirements catalogues/specifications are evaluated based on existing questions. The maturity levels of the requirements (controls, chapters, etc.) are evaluated based on the questions answered and the related measures. The evaluations can be carried out by the assigned responsible persons in relation to specific issues.

As part of the regular assessments or self-assessments, a differentiated evaluation of the compliance status is carried out according to the requirements of the standard to be examined. The assessments can be performed for defined customer organizational units.

For existing requirements catalogs, predefined question catalogs are available. Since the regularly required evaluations are often only carried out once a year, the evaluators can use the user-friendly Compliance Wizard. The Compliance Wizard guides the user through the processing steps according to predefined processing description tools. All evaluations are historicized and can be evaluated based on compliance reports.

In QSEC Compliance Management not only a variety of norms can be stored and evaluated but also an internal control system can be implemented.
QSEC offers the possibility to flexibly store the variety of norms and requirement catalogues and to audit them according to a structured method.

Features (excerpt)

• Status assessment according to the Plan Do Check Act methodology (PDCA)
• IT compliance assessment according to various approaches (including the question catalogues for the implemented rules and regulations)
• Maturity evaluation with target/actual comparison at control level
• Automatic, customizable resubmissions for controls
• Definition of IT compliance target values
• Determination of the gaps (actual/target value)
• Generation of measures to achieve the compliance target values
• Deposition of documents
• Link to other standards (control-control link)
• Creation of a Statement of Applicability (SoA) report