Governance, Risk Management, and Compliance Plan

Governance, Risk Management, and Compliance (GRC) Plan Assessment
Business Information
In this section you tell us your business and contact information so you can receive your customized free Regulatory Compliance Plan.

Business name*

Contact name*

Phone number*

Email address*

Business Assessment

Type of business. In a few words, what is your business?*

Industry*

Are you customer facing, or a vendor to other businesses?*

Who do you use for payment processing?

Do you store any personally identifiable information?*

Do you have any regulatory information security requirements?*

Where is your infrastructure hosted?*

Data center/cloud vendor(s)

In general terms, what are the most important assets (physical and digital) that you need to protect?

Regulatory Standards Assessment

Have you completed and earned your PCI - Payment Card Industry certification?*

This question is intended to prompt you to initiate your own certification process. Answer Yes if you have completed the certification process and earned the certification for the current cycle. Answer No if compliance is required but you have not started, have not completed, or are not yet certified; in that case you need to obtain (or complete) this certification as soon as possible. Answer N/A if compliance is not required of you.
You may need to hire a professional firm to attest to your completion and compliance. Retaining all certification documentation speeds up recertification. Once a certification is issued, you can update your certification status on your website and other marketing materials. If you have findings preventing certification, or you have not completed certification yet, complete the process as soon as your findings are corrected and verified.
Some certifications are ongoing: once issued, you have the next 12 months to renew. (This guidance applies to each of the certification questions in this section.)

Have you completed and earned your HIPAA provider - Health Insurance Portability and Accountability Act (health services and insurance provider) certification?*

Have you completed and earned your HIPAA vendor - Health Insurance Portability and Accountability Act (vendor to health services and insurance providers) certification?*

Have you completed and earned your FedRAMP - Federal Risk and Authorization Management Program certification?*

Have you completed and earned your HITRUST - Control Objectives for Information and Related Technologies certification?*

Have you completed and earned your SSAE-16 - Statements on Standards for Attestation Engagements certification?*

Have you completed and earned your ISO/IEC 27001 certification?*

Have you completed and earned your NIST Cybersecurity Framework certification?*

Have you completed and earned your NIST SP-800-53 certification?*

Have you completed and earned your SOC 1 Report certification?*

Have you completed and earned your SOC 2 Report certification?*

Have you completed and earned your SOX - Sarbanes Oxley certification?*

Have you completed and earned your GDPR - General Data Protection Regulation certification?*

Have you completed and earned your COBIT5/COBIT 2019 - Control Objectives for Information and Related Technologies certification?*

Have you completed and earned your other certifications (not listed above)?*

Risk Assessment
In this section we will guide you through a self-assessment of your assumed and known risks. There may be other risks you may not be aware of. Those may be general, or specific to your industry. When asked to create/have an inventory/list offline, please make sure you have it ready for your own internal use.

What are the perceived most likely risks that your business could face? Please list all you can think of within your answer.*

Do you have a documented list of your internal processes and data workflows? You will need this list for your internal use.*

Do you have a prioritized list of the mission, objectives, and activities to perform when your organization finds itself unable to operate digitally? You will need this list for your internal use.*

Do you have a prioritized list of resources (all items listed under the previous section) based on criticality and business value to continue operating the business? You will need this list for your internal use.*

Do you have a risk tolerance established and clearly expressed? This is a document stating how far your organization can be digitally incapacitated without interrupting business operations. You will need this document for your internal use.*

How can we help you?

Would you like to discuss how BlueKatana can help you with your software needs?