Compliance monitoring and controls testing

Skill Definition

Compliance monitoring and controls testing refers to the implementations and processes used to verify ongoing conformance to security and/or legal and regulatory requirements against technical, physical, procedural and personnel controls. The principles of the skill are to define and implement processes to verify ongoing conformance to security and/or legal and regulatory requirements, and carry out security compliance checks in accordance with an appropriate methodology. Compliance monitoring and controls testing covers compliance checks and tests against technical, physical, procedural and personnel controls.

Awareness

Describes the benefits of compliance monitoring and controls testing and can list the common compliance monitoring standards, e.g. ISO/IEC 27001, PCI DSS, IAMM

Maintains understanding of statutes and regulations

Follows documented procedures for compliance or regulations

Working

Explains the main principles and processes involved in conducting a compliance monitoring and controls testing exercise

Reviews and implements alterations to operating procedures in response to changes in regulations or statutes

Educates/provides guidance on the implementation of regulations

Practitioner

Conducts compliance monitoring and controls testing

Understands wider regulatory context and how it can be applied to best meet the business needs of the organisation

Designs and leads implementation of business change, where required by regulation

Leads the implementation of regulations within the security function

Expert

Leads compliance monitoring and controls testing activities for an organisation

Champions opportunities that regulation and compliance can provide to an organisation at senior manager or board level

Promotes compliance or regulation within the security function

Reports significant non-compliance issues to senior management