At a glance
Product: Ignyte Assurance Platform
Price: Subscription starts at $50,000
What it does: Automates control mapping for compliance frameworks.
What we liked: Simple and straightforward user interface.
The Bottom Line: Saves time for organizations managing multiple compliance frameworks.
MAFAZO’s Ignyte Assurance Platform offering provides organizations with a broad view of compliance requirements and the gaps that must be addressed to meet them. Because it is framework agnostic, the platform can ingest and build workflows based on specific framework requirements like GDPR, NIST, PCI and HIPAA.
The assurance platform accurately maps controls from different compliance frameworks and deliverers a dashboard-driven holistic view for addressing them. The platform applies a structured approach to help organizations working through the process of becoming compliant. Contextual mapping through an intuitive dashboard interface allows natural language processing to map controls from one framework to another. The dashboard supports multiple organizational roles to which individual controls can be assigned, tracked and used for evidence collection.
The truly flexible dashboard can be configured to meet the diverse needs of clients. There are more than 60 out-of-the-box widgets for dashboard components that are tied to controls to track completion as well as progress on deficiencies across the compliance standards. After desired control groups are selected, Ignyte identifies common controls as well as the resulting gaps, which are highlighted using Venn diagrams to illustrate the scope of one framework as compared to another. For our example, we looked at a company that required the HIPAA Security Rule as compared to NIST RMF(4), then NIST CSF was added to the diagram. The Venn diagram illustrates the relative scope of one framework as related to another. This comparison generates a coverage grid that is useful for dealing with auditors. When done manually, this process of mapping control frameworks would take weeks or months of effort. By contrast, using Ignyte, this process can be completed with the click of a button. The key to these efficiencies is machine learning that is used in the background to do the control mapping. Organizations can create a risk assessment using the selected set of frameworks. Once the template is created users are assigned to specific roles for completing the assessment. System settings support varying types of control status designations including compliant, non-compliant, partially compliant, and N/A with scales that indicate which are most important. The result is a system that associates workflow activities with specific responses based on the selected input filters. During an assessment, users can add a comment, attach an artifact, then select the maturity and final control status. Information for responses is fed into a graphically rich summary accessible by executives as well as related stakeholders.
As information is collected, it is aggregated at a deficiency register where it is logged for tracking and accountability. The deficiency register illustrates the number of missing items for a control and data can be further enriched with additional components like automated documentation requests, mapping assets to a control and adding vulnerabilities to controls. This approach helps with resource planning as organizations can project resource requirements for completing a given assessment.
The Ignyte Assurance Platform provides great insight into the often-challenging task of mapping controls across multiple compliance frameworks and helps organizations rapidly evaluate resource requirements for current as well as evolving compliance standards.