New Product Release: Automated Security Audit Management
Tugboat Logic is proud to announce the availability of our latest feature: Automated Security Audit Management. This new capability automates the process of getting certified on security frameworks such as SOC 2 and ISO27001 by allowing third-party auditors to create and manage audit projects within the Tugboat Logic platform. You can then respond to these requests quickly and confidently by simply linking to the evidence in your InfoSec system of record.
How We Help
Get Certified More Quickly: By using automation, you can respond to auditor evidence requests faster, pull evidence stored in your Tugboat Logic policies and controls that is more likely to be approved the first time, and collaborate with your auditor on items that are unclear or require more information. This makes the end-to-end audit process much faster, which means you get your attestation or certification earlier so you can use it too sell your product or service more effectively.
Reduce the Cost of Certification: Tugboat Logic’s Certification Management Module helps reduce the overall cost of certification by providing you with prebuilt policies, controls, implementation guidance for the most prevalent security frameworks, such as SOC 2, ISO27001/2, GDPR, HIPAA and more. In addition, we have do-it-yourself gap assessment and task management system, so you can assign and track control implementation tasks required to get prepared for your audit. By doing this certification readiness stage yourself, you will save up to 50% on consulting fees.
Kill Two Birds with One Stone: And the time and cost savings don’t stop with your first audit. If you need to do a renewal of your certification, or perhaps have to do another framework, you can re-use over 90% of the policies, controls, and evidence you collected in your previous audit to help you pass the next one. For example, by using the information from your SOC 2 audit to get ISO27001/2 or HIPAA, you can kill two birds with one stone, saving significant effort and money.
How It Works
Tugboat Logic’s Automated Security Audit Management feature has many powerful new capabilities designed to automate all aspects of a typical security audit process:
Certification Project Dashboard & Evidence Task Upload Tool: Invite auditors to upload their evidence task list into the Tugboat Logic platform, and use an at-a-glance dashboard to quickly ascertain the progress of your project by seeing what tasks you have been submitted, and what tasks the auditor has approved.
Evidence Request Page: Automatically assign and track the status of individual evidence requests. Quickly submit evidence to these requests by linking to Tugboat Logic policies, controls and/or collected evidence files.
Auditor Collaboration: Confused by an evidence request? Use the built-in commenting tool on the evidence request detail page to request more information from the auditor, so you can keep the project on schedule. Conversely, if you submit evidence and the auditor needs more information, they can also contact you. Alerts available within the platform and via email notifications.
Evidence Repository: Central repository for storing all evidence files pertaining to your audit, with the ability to link it to your security controls. Also supports recurring evidence collection for tasks that need to be done annually, quarterly, weekly, etc., with reminder notifications for any past due tasks.
Jira Integration: Want to use Jira to manage some or all of your evidence tasks? Send evidence requests tasks to Jira to manage, and the Jira ticket status will be automatically updated in the Tugboat Logic system.
Export Evidence Task Responses: Auditors can automatically export evidence request responses, along with their associated evidence files for their official records during the audit. Bulk export and individual export per evidence request are supported.
Want to Get Started?
Interested in learning more about how you can use Tugboat Logic to demystify and automate passing your next security audit in record time? Please click here to schedule a live demo.
Creating a plan for Security Awareness Training is only half the battle. Implementing and ensuring that your employees follow that plan regularly is the key to implementing this control. Also, investing in training and security awareness programs is vital for sustainable business growth and success.
How you train your employees will largely determine their effectiveness and adherence to company policies. While many practices can be common sense and their skills catered specifically to the job they were hired to perform, a training plan can go a long way to ensure that elements of your organization stay safe, secure and run as smoothly as possible.