Control Planning Objectives
Gauge organizational tolerance for risk
Facilitate risk treatment decisions
Establish control objectives for assets and processes
Build risk mitigation and remediation projects
Seattle, Washington:
150 Nickerson Street
Suite 106
Seattle, WA 98109
Phone: 206-352-6028
Fax: 206-633-0235
Louisville, Colorado:
361 Centennial Parkway,
Suite 150
Louisville, CO 80027
Phone: 303-554-6333
Fax: 303-554-7555
Control Planning
Understanding the appropriateness and fitness
of IT control to your organization can be a dizzying process for senior
business leaders, IT managers, and auditors. Regulatory compliance controls
require management to do one thing. Internal risk controls require another.
Proposed control implementation costs can disrupt organizational capex and
opex, undermining critical business processes and objectives.
At Coalfire, we understand that these situations can challenge
your organization’s risk management processes. Whether faced with hard
risk-mitigation decisions or unsympathetic compliance requirements, our
Control Planning services help you gain professional insight into the
applicability, design, and impact of control to your organization.
Our Control Planning services build auditability and
transparency into risk management programs, lowering cost and impact to the
organization.
Control Rationalization
Confronted with the results of an IT Risk Assessment, many
senior managers are left contemplating the next steps. How can I lower risks
to a more acceptable level? How much will remediation cost? What will be my
residual risk? Coalfire’s Control Rationalization service helps
organizations answer these questions by developing a facilitated, structured
framework of risk treatment strategies. Our senior resources will help you
identify and establish:
- Key metrics for risk tolerance and acceptance;
- A framework of IT control objectives that incorporates both your
regulatory compliance and risk-based requirements;
- Appropriate control designs that minimize organizational expenditure and
disruption to business;
- A remediation project plan that identifies the timelines and resources
associated with control implementation.
Our Control Rationalization service uses the Coalfire Common
Controls Framework, a control objective framework that incorporates thousands
of best-practice and regulatory requirements. More information on the
Coalfire Common Controls Framework can be found within our Common Controls
Program service.
Common Controls Program
Many organizations are addressing multiple sets of
information technology control requirements: those from external
third parties, commercial regulators, and internal risk management programs.
Control objectives become scattered across different internal programs and
auditors, leaving management and staff exasperated as they attempt to keep
up with audits, processes, and procedures.
Coalfire’s Common Controls Program consolidates all
organizational IT security control objectives into a single, unified
framework that is shared across internal and external stakeholders. Our
program is based on the Coalfire Common Controls Framework, a library that
consolidates thousands of individual risk and regulatory control objectives
established by the Payment Card Industry (PCI), Federal Finance Institutions
Examination Committee (FFIEC), Federal Deposit Insurance Corporation (FDIC),
the National Institute for Standards and Technology (NIST), the Health
Insurance Portability and Accountability Act (HIPAA), ISO 27002, and many
others.
Our Common Controls Program helps organizations to:
- Assign control objectives to the appropriate business processes and
information assets;
- Establish relevant Common Control objectives that meet organizational
risk and compliance requirements;
- Align internal and external stakeholders to required control designs and
procedures;
- Facilitate consistent reporting of control activities, procedures, and
artifacts;
- Stay abreast of ever-changing regulatory control requirements;
- Implement consistency across control strategies, implementations, and
audit planning.
For more information on Coalfire's control planning services,
please contact: