Get ready for outbursts of profanity from compliance managers…

[Pharma ad voice-over]: Do your customers quickly forget your security certifications?

– Do customers’ auditors repeatedly ask for the same security control information?

– Do you wake up in the middle of the night, wondering why your security certification isn’t good enough for your customers?

If so, then you may have “Supply Chain Compliance Deja-Vu”… 

</end pharma ad voice-over>

Yesterday, I was speaking with a friend who is a compliance officer at a major SaaS software solution provider.

Apparently, new supply chain security initiatives have resulted in some frustrating inquiries by auditors their customers: 

compliance training shouldn't be your only focus. Image of binoculars

It’s been a “super-fantastic” experience to see people learning and talking about security threats.

For just $325 USD, you can run a 6 week, automated program for phishing, social engineering and working from home.  (Normally valued at $450 USD)

Use Promo Code: 6WEEKS

1. Auditors ask the same questions as those in their valid security certifications (i.e. SOC 2, ISO 270001, PCI, etc.)

2. They require details on “how” the controls are implemented.

3. They require new forms to be filled out, rather than just noting, “Covered in SOC 2 control [X]”.

I’m not saying it’s not important for customers to have the assurance that their suppliers are secure. But this seems really inefficient to me.

The suffering of suppliers could be reduced if there were a solution that could ingest all of their security certifications and policies, and allow smart querying.

I imagine typing in a question like, “How do you detect malware on all endpoints?” and the solution would find the certification responses, policy requirements and maybe even implementation documentation.

There may be a solution like this already. Let’s help relieve the suffering of our compliance managers.

 

Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.

Cyber Security

Phishing Defense

Phishing threatens businesses and opens the door to ransomware. Fight phishing and spear phishing attacks with gamified learning.

Social Engineering Defense

Social engineering scams are a serious hazard to businesses. Fight back with Click Armor.

Cyber Security Awareness for Remote Workers

Home-based workers are vulnerable to cyber attacks. Build team immunity today.

Privacy and Compliance

PCI Compliance Awareness

When team members work in an environment where they may encounter cardholder data, they need to know what to do to protect it.

Gamified HIPAA Compliance Awareness

If your business is a supplier to a healthcare provider in the USA or Canada, your team needs to know what to do to protect Protected Health information (PHI).

Gamified Learning Platform

Active Awareness Platform

Experience the power of tailored gamified learning with Click Armor. Take your security awareness training to the next level.