Compliance monitoring and controls testing

Skill Definition

Compliance monitoring and controls testing refers to the implementations and processes used to verify ongoing conformance to security and/or legal and regulatory requirements against technical, physical, procedural and personnel controls. The principles of the skill are to define and implement processes to verify ongoing conformance to security and/or legal and regulatory requirements, and carry out security compliance checks in accordance with an appropriate methodology. Compliance monitoring and controls testing covers compliance checks and tests against technical, physical, procedural and personnel controls.

Awareness

Describes the benefits of compliance monitoring and controls testing and can list the common compliance monitoring standards, e.g. ISO/IEC 27001, PCI DSS, IAMM
Maintains understanding of statutes and regulations
Follows documented procedures for compliance or regulations

Working

Explains the main principles and processes involved in conducting a compliance monitoring and controls testing exercise
Reviews and implements alterations to operating procedures in response to changes in regulations or statutes
Educates/provides guidance on the implementation of regulations

Practitioner

Conducts compliance monitoring and controls testing
Understands wider regulatory context and how it can be applied to best meet the business needs of the organisation
Designs and leads implementation of business change, where required by regulation
Leads the implementation of regulations within the security function

Expert

Leads compliance monitoring and controls testing activities for an organisation
Champions opportunities that regulation and compliance can provide to an organisation at senior manager or board level
Promotes compliance or regulation within the security function
Reports significant non-compliance issues to senior management