Audit to continuous ComOps best practices
In a survey conducted by Hyperproof, over 120 organizations identified their most common compliance pain points. The three main takeaways were:
The majority of organizations didn't feel on top of their security or operational risks due to the continuously changing risk landscape.
With the arrival of GDPR, organizations had to make privacy a priority whether they wanted to or not, which sharply increased the demands placed on their compliance programs.
Because organizations didn't feel in control of the previous two aspects, they became “audit obsessed”—essentially focusing all of their time, effort, and resources on passing the audit.
Based on these takeaways, Hyperproof developed the continuous compliance operations (ComOps) methodology, in which controls are the central point of all of an organization's compliance operations. This means "everything else"—requests, risks, requirements, evidence, issues, and so on—is linked to controls.
Many organizations don't fully utilize their controls because of the flawed assumption that switching to a control-centric (ComOps) approach is too costly and too time consuming. Because of this assumption, organizations are still working off spreadsheets, scrambling to collect evidence and fix controls right before an audit.
Following the continuous ComOps methodology reduces your chances of experiencing security and compliance lapses because you're making continuous improvements on a cadence—not trying to do everything at once. When work is tracked in a single repository, and evidence is collected on an ongoing basis, no one needs to go into fire-drill mode right before an audit.