Time Sensitive Controls
You will spend a lot of time writing or altering Policies, creating and documenting Processes, and implementing or reconfiguring Technologies, in order to get through your first Audit and gain Certification. It doesn't end there however, because many of the changes needed that are detailed in the requirements and controls of a compliance policy need to be reviewed and/or updated at regular intervals.
It is not enough, for example, to simply "have" an Information Security Policy, you also need to review it at regular intervals and make any alterations needed to keep it in line with changes to the business, market conditions or updates to the Policy made by the Standards Organisation.
Opt-Sec Compliance Systems have a mechanism built in to every requirement or control which needs to be reviewed, or updated according to the policy.
Warnings & Alerts
Using the example we have just given of the need to review your Information Security Policy, you have the ability to determine the frequency of the reviews to fit with your statement of compliancy. The System will send you a Reminder BEFORE the review date so that you have time to schedule your Review Meeting. The System will also send you an Alert if you have not updated the necessary documents in the repository in good time. If the deadline is passed without action, the Compliance Status on the System changes to "Non-Compliant" and Alerts are sent to all stakeholders who will quickly and easily be able to drill down and see exactly what (and who) has caused the lapse.
Opt-Sec Compliance Systems can therefore keep a constant watch on your compliance status, provide gentle reminders to the specific people who are required to take action and alert the powers that be of any impending, or inadvertent breach in compliancy.
User Defined Controls
If the nature of your compliance statement is such that you would like to vary the settings of the System, there is also the provision for you to create and/or ammend the way that requirements and controls are expressed. For example, it is reasonable, under the right circumstances, for an organisation to declare that they have reviewed a specific requirement or control and determined that, in their case, it does not need to be satisfied for them to be compliant.
The User Inferfaces of Opt-Sec Compliance Systems provide the facility to Add, Remove and Ammend descriptions without diverting from the Objectives, Requirements or Controls laid down by the Policy itself. This allows you to truly make the system fit your own unique circumstamces whilst at the same time letting the system keep you compliant.