Feature - Attach Compliance Packages to 3rd Parties Only

Hi Guys,

One to think about. I have a compliance package Cyber Essentials that I am attaching to a third party. However I do not want to be bench marking my own company against this. It there anyway that Eramba can only attach it to the 3rd party so I do not see it on my compliance analysis against the company?

This is an interesting question. My understanding us that you would create services that map to that compliance package only, and only use assets relevant to the third party you’re concerned with. So, if Cyber Essentials has 30 controls, you would add an appropriate number of services to your existing set.

I don’t necessarily see this as a problem. I do think it would be helpful to be able to organize security services by the third party they support. We could get the information we want out of compliance analysis, but being able to rapidly sort services by third party through the security services tab would go a long way toward keeping a growing list of controls organized.

I hope this didn’t take us off topic or diminish the weight of your question b.stephenson.