Compliance Spectrum Products

Spectra: Automating the Compliance Lifecycle
Spectra is the first software product built specifically to reduce the cost of auditing services by automating the entire compliance lifecycle—from policy identification to implementation to remediation.

The objective of Spectra is to dramatically lower the cost and reduce the risk of compliance management. Spectra is designed to meet the needs of Chief Security Officers (CSO), Chief Compliance Officers (CCO), Chief Information Officers (CIO) and their teams. With Spectra, organizations can automate critical activities associated with achieving, maintaining and demonstrating compliance to auditors, and with managing the overall audit process. Spectra integrates the output of existing sources of Information Technology (IT) security and compliance data with user-defined regulatory objectives and controls.


Our flexible ITIL framework supports mapping of all major regulatory mandates and industry standards such as SOX, GLBA, NERC CIP, FISMA, PCI and HIPAA to industry-accepted codes of practice such as ISO 27001/27002:2005, COBiT 4.0, FSA and Compliance Spectrum's own policy framework.



Spectra provides:
  • an auditable, centralized repository for policies and controls, comprehensive templates for beginning an IT Compliance program, and policy deployment and awareness tracking
  • integrated, centralized audit point tracking capabilities for internal and external audit activities and auditor-relevant views of data and reporting
  • automated traceability from regulatory mandates to objectives, controls and evidence

Spectra is role-based. Roles give specific permissions to users to view data, perform certain operations or access particular functions. Roles are logically grouped into User Groups according to their functions. Managers determine the nature and privileges of each of the roles within the User Groups, and system administrators configure them accordingly.

Default roles include:
Audit Management User Group

  • Audit officer
  • Audit owner

Compliance Officer User Group

  • Compliance management officer
  • Compliance management owner
  • Compliance management coordinator

Policy Management User Group

  • Policy officer
  • Policy owner
  • Policy coordinator
  • Temporary reviewer

Spectra's Evidence Framework integrates existing systems and sources of IT security and compliance data into the CC system, and automates compliance reporting against specific objectives and controls.

Spectra's Policy Management Capability gives customers an auditable, centralized repository for policies and controls by providing:

  • Policy/control development, review and approval workflow
  • Pre-defined control templates based upon industry standards and best practices
  • Creation, maintenance, deployment, tracking and reporting on policy awareness programs
  • Facilitation and recording of attestations to compliance controls
  • Import and integration of existing policies and controls

Spectra's Audit Management Capability provides integrated, centralized audit point tracking capabilities for internal and external audit activities, the ability to track audit and assessment point tasks to closure, and the ability to perform compliance self-assessments by providing the following:

  • Audit point tracking from discovery to closure
  • Preparatory audit reporting
  • Certification and Accreditation (C&A) and Project Objectives (POAM) weakness milestone tracking and reporting (available in Compliance Spectrum's Federal version)
  • Auditor-relevant views of data and reporting and a central place to create, track and view the audit assessment process with a high-level view of each assessment point

Spectra's Reporting Capabilities provide automated traceability from regulatory mandates to objectives, controls and evidence. This provides a flexible compliance management framework that supports mapping of all major regulatory mandates and industry standards (SOX, GLBA, HIPAA, NERC CIP and FISMA) to industry-accepted codes of practice such as ISO 27001/27002:2005 and COBiT 4.0 and includes:

  • Traceability matrices
  • Auditable repository
  • Dashboards
  • Reporting
  • Evidence locker
  • Adapters

© Compliance Spectrum 2007. All Rights Reserved.