When is the last time you overheard a conversation like this?
- “It’s audit time!”
- “Great! Bring it on!”
Never? Well, KnowBe4, the world’s premier security awareness company, has developed a compliance manager platform that changes audit headaches into audit high-fives.
Called KCM (KnowBe4 Compliance Manager), this new technology has been proven to reduce audit preparation time by half and cut the email flurry to zero. That’s right, I said “zero emails” for your audit process.
But before I go into the “how” of KCM, allow me to share the “why.” I asked KnowBe4’s SVP for KCM Strategy, Blake Huebner, why KnowBe4, a renowned security awareness training company, would expand into compliance. His response makes total sense:
“Security awareness is about reducing employee risk to the organization; Governance, Risk Management and Compliance (GRC) is about reducing organizational risk,” explains Huebner. “There is a natural synergy between the offerings. KnowBe4’s approach with their platforms is to develop intuitive and efficient applications. GRC has been traditionally cumbersome, time consuming and expensive (both in resources and licensing). We are changing that dynamic by offering an easy-to-use platform, while still offering flexibility.”
How Does it Work?
As a certified KnowBe4 partner, Savvy Training & Consulting can provide you access to free demos and case studies. But for now, allow me to first outline the challenges around audits and then share how KCM solves them.
Prepare to Be Audited
The audit preparation process can be long and tedious as documentation has to be gathered from departments that are unprepared or disinterested in the audit process. Confusion about what is actually required, who needs to provide it, and when it must be completed is par for the course.
Many people are guaranteed to forget whatever it was that they did to complete the prior request or think it is different from what was previously provided, generating multiple emails to get it clarified.
All the pieces of evidence that must be collected to document an organization’s compliance status are often stored in a disjointed collection of network folders, email inboxes, workstation hard drives and SharePoint folders. This can make collection and presentation to an auditor quite inconvenient.
As a security administrator, the pestering nature of chasing up documentation from co-workers can make them want to hide when they see you coming. These headaches (and more) are all too familiar to a security administrator or compliance officer.
The problem in a nutshell
- Endless collections of complicated spreadsheets that are used to track audit requirements and the evidence needed for each.
- Email chains between you and multiple other parties requesting each piece of evidence… Perhaps you receive a few emails deferring responsibility… Maybe some emails asking for clarification about what is required… Emails with follow-up requests… Always more emails!
- Tackling the inevitable dense forest of nested folders spread out on some shared network drive that are used to store (err…hide?) the evidence you worked hard to gather.
How Does KCM Solve All of These Issues?
KCM is a SaaS-based GRC platform that helps you pull all of these tasks into one intuitive management tool. With KCM, you can…
- Manage and Automate Compliance and Audit Cycles: Reduce the time you need to satisfy requirements to meet compliance goals with pre-built requirements templates for the most widely used regulations.
- Centralize Policy Distribution and Tracking: Save time when you manage distribution of policies and track attestation through campaigns.
- Identify, Respond, and Monitor Your Risk: Simplify risk initiatives with an easy-to-use wizard with risk workflow based on the well-recognized NIST 800-30.
- Efficiently Manage Third-Party Vendor Risk: Easily prequalify, assess, and conduct remediation to continually monitor and keep track of your vendors’ risk requirements.
The KCM GRC platform is offered in different packages to meet the needs of all organizations and is available with the following modules to choose from:
- Compliance Management
- Policy Management
- Risk Management
- Vendor Risk Management
KCM is Already Getting Rave Reviews
Vendorin’s Michael Brodie, Corporate Security and Quality Administrator, had this to say about KCM:
“When I first proposed that we consider using the KnowBe4 Compliance Manager I faced some pushback because our current process was ‘working,’ and the system of emails, excel sheets, and network storage was ‘free.’
“However, it only took a few months of using KCM before we realized the vast difference between merely ‘working’ and ‘working WELL.’ We are now free of the stressful and inefficient cycle of playing last-minute catch-up each time the next audit period rolls around. Here at Vendorin we now divide history up to two very different eras. There were the Dark-Ages ‘Before’ KCM. But the future’s looking bright ‘After’ KCM.”
Remarkably, studies have revealed the following savings from KCM:
Would you like to see how KCM could streamline your audit process? Contact Savvy Training & Consulting today for a free demo. Get Started, or 303-800-4568