COBIT Compliance

The COBIT framework was created by the Information Systems Audit and Control Association (ISACA) to provide specific guidance for creating and assessing IT controls.

COBIT addresses 34 IT processes grouped into 4 domains:

  • Planning and Organization
  • Acquisition and Implementation
  • Delivery and Support
  • Monitoring

Within each of these domains, there are detailed guidelines for the assessment of every major IT process.

COBIT has emerged as the popular framework for identifying and assessing IT controls to ensure SOX 404 compliance. However, compliance with COBIT is taxing without an automated infrastructure that makes the assessment and reporting process streamlined, efficient and sustainable.


The Agiliance Solution

Agiliance IT GRC 5-step process


Agiliance's Key Capabilities:

  • Maintain a repository of all assets (hardware, software, physical IT infrastructure, IT processes) that contain relevant data. Asset information can either be imported from external systems or populated through asset discovery technology. The system supports a comprehensive asset data model to document relationships between assets, organizations, processes and people.
  • Enable the organization to evaluate how critical an asset is to maintaining the integrity and confidentiality of relevant information and then assess its overall risk.
  • Maintain a library of controls based on COBIT
  • Provide an infrastructure for assessing compliance with controls
    • Automate the process of distributing and collecting periodic surveys and self-assessments to evaluate compliance
    • Integrate with monitoring tools and compare asset configuration against controls and policies to identify non-compliance on a continuous basis
  • Report on asset compliance scores – both for status purposes, as well as evidence of compliance for internal and external auditors.
  • Compute an asset’s composite risk score based on multiple criteria, including business impact of its impairment, compliance with policies, including security policies, and its vulnerability based on external feeds. The risk score allows users to prioritize which non-compliant assets need to be addressed first for remediation.
  • Trigger the remediation process.