SureCloud

The Third Party Risk Management product enables improved collaboration with vendors, by sharing links to assessments so that vendors can add their data directly into the SureCloud environment, while benefitting from a customized experience. Organizational compliance can be improved due to better consistency being applied.

The SureCloud CCM product allows pre-built or customized controls to be configured to automate collection of evidence (e.g. risk or other metrics). The inherent mapping of controls to compliance requirements translates technical data directly into regulation-level outcomes, and can assure the organization of preparedness for audits.

Data Privacy Management supports a broad range of requirements in this area where organizations’ requirements are expanding and diversifying. It includes processes for managing a data inventory, handling the regulatory needs around data breaches, and for managing and responding to data subject access requests.

The Incident Management product can support multiple types of requirement including handling data breach aftermath, and maintenance of resilience. Accountability and efficiency are promoted via a management structure for incidents, and task assignment capabilities. Pre-built processes are incorporated for incident lifecycle elements including the communication of alerts; identifying, assessing, and identifying incidents’ root causes; and to support post-incident remediation.

The Business Continuity and Resilience product supports management of planning, managing and execution of organizations’ contingencies to cater for disruption. It incorporates guidance on best practices as well as the compliance context of resilience, as aids for documenting business continuity plans, testing strategies, and also integrates with Incident Management to support operational aspects. Formal continuity requirements and arrangements such as critical path analysis, or call tree definition, can be built using the workflows that the SureCloud platform supports. The company states that the product supports continuity elements that arise from leading standards and frameworks including SCF, ISO27001, NIST 800-53, GDPR, PCI DSS, and HIPAA.

The SureCloud platform provides an unusual feature known as Intelligent Reporting & Playback. Its basis is the version history (which is shared across the platform and products) of changes that are made to the customer’s SureCloud implementations. A user can choose to focus their view of this data on a previous version of a data item, and for all views of other data items to correspond to their state at the date/time on which the user’s focus is currently set. This view of event history is described as being like an ‘action replay’ of how events change the risk/compliance program over time, and can be useful in analysis of an incident or breach, or in an audit scenario.

Usage charging for the platform and products is based on the number of unique users per month.

Proven in live use by some impressive customer names, SureCloud’s GRC capabilities should be of interest to organizations looking to minimize complexity and cost in their GRC operations. Amongst its advantages are a very up-to-date technology foundation, with the prospect that AI will thread easily into a number of product areas. With a wide range of GRC use cases covered, and a very busy program of product development delivering over the year upcoming, SureCloud is already gaining some significant customer wins, and we would expect more to follow.