Subject Matter Experts
Typically, an Information Security Policy will contain requirements for the improvement of physical security, staff behaviour, technology and data handling. It's rather unfair to expect a single Compliance Manager not only to have in-depth knowledge of all of these areas of responsibility, but also to have the ability to safely make the required changes.
The best people to accurately determine how well your existing provisions match up to the detailed Requirements and Controls, and then to work out how best to alter the Policies, Processes and Technologies in each specialist area of the business, are those who work in those areas every day.
Opt-Sec Compliance Systems are designed to make it as easy as possible for a wide range of people, from all areas of the business, to get involved in the compliance process.
Role-based Access
Perhaps the aspect of Compliance that, more than any other, puts people off wanting to get involved is the sheer amount of detail. The reality, however, is that a subject matter expert will probably only have to be involved with a small number of Requirements or Controls that relate directly to his or her area of the business. This means that there is no need to expose that person to the totality of the compliance process and risk scaring them away.
Opt-Sec Compliance Systems enable the Compliance Manager to determine which specific aspects of the Compliance Policy any individual needs to contribute to and then limit that person's access, and indeed their view of the system, accordingly.
When the subject matter expert logs into the system with their own credentials, they will only see what they need to see in order to quickly and effectively contribute.
Pulling it all Together
As individuals efficiently carry out their own assessments in the background and use the System's easy-to-follow GUI to enter the necessary information, their input is collated and cross-referenced to provide comprehensive reporting of progress.
The Compliance Manager, as well as any senior stakeholders, will be able to see dynamic Dashboards showing overall progress towards compliance. They will also be able to quickly drill down to see where there are still gaps and thus identify exactly who is yet to complete the work required of them.
Opt-Sec Compliance Systems also make it possible to set timescales and deadlines against the contributions of individuals and have the System send them gentle reminders, or send you alerts if deadlines are missed. How you choose to deal with these matters is, of course, entirely up to you, but at least the System will have provided you with the information you need to take whatever action you feel is appropriate.