Security assurance in a Group environment

Companies constantly raise their level of security by following global trends and implementing best practices, but above all by meeting the requirements of international standards. On top of that come requirements that must be followed regardless: legislation, regulations, government bodies and so on.

When you combine all of this, you get a lot of checks, alignments and changes to make. But when, on top of that, you have to do it for several companies in different countries, inside and outside the EU, with different management styles, cultures and strategies, you get a real mess.

We have 12 companies in different regions and different industries, and a large number of regulations, directives and standards that we have to fulfil and be compliant with. In total we have about 4k controls that we have to check regularly and work on achieving compliance with.

You need an army of people to do this, unless you find a way to be more efficient with less work.

How do you overcome the problem? Control mapping.

But 1:1 mapping doesn't work. Controls related to one topic can be very different in a country-specific regulation, in DORA and in ISO, so one unified control has to cover several requirements, each at its own level of detail.

We spent a lot of time and effort, not just from the Assurance team and Assurance experts but from the whole Security division, to build the comprehensive control map that we now use. We managed to go from 4k controls to approx. 200-300 that cover everything. The map is fully scalable and usable both for us internally and for customers buying assurance services from us: it scales to the level of granularity and detail we need in a given case…
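A sketch of how such a many-to-many control map can be represented and checked, added here as an illustration (this is not the author's map or tooling). All requirement and control identifiers are constructed placeholders, not real ISO, DORA or national clause numbers; the point is the structure: one requirement can point at several unified sub-controls, one sub-control can discharge requirements from several frameworks, parent controls let the same map be read at coarse or fine granularity, and the map is checked for gaps (requirements nothing covers) and dangling references (map entries pointing at controls that do not exist).

```python
"""Many-to-many control mapping with gap detection and granularity roll-up.

Added example, not the author's map. Every requirement and control identifier
below is a constructed placeholder, not a real ISO, DORA or national clause.
"""
from collections import defaultdict

# Constructed sample: requirement id -> short text. The prefix is the framework.
REQUIREMENTS = {
    "ISO-R1": "Restrict access to information per business need",
    "ISO-R2": "Manage privileged access rights",
    "ISO-R3": "Use cryptographic controls per policy",
    "DORA-R1": "Least privilege and control of privileged ICT accounts",
    "LOCAL-R1": "Quarterly review of administrator accounts",
    "LOCAL-R2": "Encrypt personal data at rest",
}

# Constructed unified controls. A parent control (UC-ACC-01) has sub-controls
# (UC-ACC-01.1, ...) so the map can be read coarsely for a management summary
# or finely when an auditor asks for specific evidence.
UNIFIED_CONTROLS = {
    "UC-ACC-01": "Access is granted on least privilege and reviewed periodically",
    "UC-ACC-01.1": "Role-based access with documented business justification",
    "UC-ACC-01.2": "Privileged accounts inventoried and reviewed at least quarterly",
    "UC-CRY-01": "Cryptography applied per policy",
    "UC-CRY-01.1": "Data at rest encrypted with approved algorithms",
}

# The map: one requirement -> one or more unified (sub)controls.
# This is what 1:1 mapping cannot express: DORA-R1 needs two sub-controls,
# while UC-ACC-01.2 alone discharges requirements from three frameworks.
CONTROL_MAP = {
    "ISO-R1": {"UC-ACC-01.1"},
    "ISO-R2": {"UC-ACC-01.2"},
    "ISO-R3": {"UC-CRY-01.1"},
    "DORA-R1": {"UC-ACC-01.1", "UC-ACC-01.2"},
    "LOCAL-R1": {"UC-ACC-01.2"},
    # LOCAL-R2 is intentionally absent to show gap detection below.
}


def parent_of(control_id: str) -> str:
    """'UC-ACC-01.2' -> 'UC-ACC-01'; a top-level id maps to itself."""
    return control_id.split(".")[0]


def unmapped_requirements(requirements, control_map):
    """Requirements with no unified control. These are compliance gaps, not savings."""
    return sorted(r for r in requirements if not control_map.get(r))


def dangling_controls(control_map, unified_controls):
    """Map entries pointing at controls that do not exist (a typo here fails an audit silently)."""
    return sorted({c for targets in control_map.values() for c in targets
                   if c not in unified_controls})


def requirements_by_control(control_map, granularity="fine"):
    """Invert the map: which requirements does each control (or parent control) discharge."""
    inverted = defaultdict(set)
    for req, controls in control_map.items():
        for c in controls:
            key = c if granularity == "fine" else parent_of(c)
            inverted[key].add(req)
    return {k: sorted(v) for k, v in inverted.items()}


def frameworks_for_control(control_map, control_id):
    """Frameworks that receive evidence when this one control is tested once."""
    return sorted({req.split("-")[0] for req, cs in control_map.items() if control_id in cs})


def reduction(requirements, control_map, granularity="fine"):
    """(checks before mapping, checks after mapping) at the chosen granularity."""
    return len(requirements), len(requirements_by_control(control_map, granularity))


if __name__ == "__main__":
    print("gaps:", unmapped_requirements(REQUIREMENTS, CONTROL_MAP))
    print("dangling:", dangling_controls(CONTROL_MAP, UNIFIED_CONTROLS))
    print("coarse view:", requirements_by_control(CONTROL_MAP, "coarse"))
    print("one test of UC-ACC-01.2 covers:", frameworks_for_control(CONTROL_MAP, "UC-ACC-01.2"))
    print("fine:", reduction(REQUIREMENTS, CONTROL_MAP, "fine"),
          "coarse:", reduction(REQUIREMENTS, CONTROL_MAP, "coarse"))
```

The two consistency checks are the part worth keeping in any real tool: a unified map only saves work if every source requirement still resolves to at least one control that exists, otherwise the consolidation quietly hides an obligation rather than covering it.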

What are the most important things to look for and to look out for…
