ControlCase

IT Certifications, Continuous Compliance and Cybersecurity Services Provider

You are here: Home / Solutions / One Audit
  • Overview
  • Resources

Assess once, comply to many.

OneAudit

Almost every business has to comply with multiple information security related standards and regulations. IT compliance audits are complicated, expensive, and full of challenges. These can include but are not limited to PCI DSS, ISO 27001, GDPR, HIPAA, HITRUST, FISMA, NIST 800-53, MARS-E, BITS FISAP. Managing these audits individually poses a number of challenges for a business; including repetition of efforts, managing multiple audit firms, increased costs, complexity and time.

Audit

Reduce Audit Fatigue

Costs

Reduce Compliance Costs

Auditors

Deal With Fewer Auditors

Time

Reduce Audit Preparation & Execution Time

THE CONTROLCASE ONE AUDIT™ SOLUTION ENABLES ORGANIZATIONS TO PERFORM
A SINGLE AUDIT AND COMPLY TO
MULTIPLE REGULATIONS.

ONE AUDIT™ blends enterprise software solutions, hosted solutions, and managed services to streamline the creation, mapping and updating of internal and external controls, thus empowering IT, Security, and Compliance Managers to COLLECT EVIDENCE AND RISK CONTROLS ONCE AND MAP ACROSS MULTIPLE REGULATIONS. It also combines the power of our proprietary and concise questionnaire which maps multiple IT standards, regulations along with automated techniques to answer the questionnaire for different IT infrastructures by one Audit Firm with the outcome of multiple certifications.

One Audit Consolidated Regulations & Standards

PCIDSS

PCI DSS

ISO

ISO 27001 & 27002

GDPR

GDPR

HIPAA

HIPAA

NIST

NIST 800-53

FISMA

FISMA

SOC

SOC2

SCA

SCA

One Audit Timeline & Approach

OneAuditTimelineApproach
FullFrontalImacTransparent

THE ONE AUDIT SOLUTION INCLUDES:

  • Dashboards with flexible reporting that consolidates views of compliance efforts
  • Graphical views of compliance progress across multiple regulations
  • Automated evidence collection in the cloud
  • Partnership approach
  • Service can be delivered remotely
Sample Mapping Question # / Question PCI DSS ISO 27001 SCA SOC2 HIPAA NIST 800-53
Question Number Question PCI DSS ISO 27001 SCA SOC2 HIPAA NIST 800-53
50 For all assets identified in the sample selected by the assessor, provide evidence of logical access account and password features including:
– Account lockout policy
– Account lockout duration
– Session timeout policy
– Password length
– Password complexity
– Password history
– Password expiry		 8.1.6
8.1.7
8.1.8
8.2.3
8.2.4
8.2.5		 9.3.1
9.4.2
9.4.3		 H.5 CC6.1 164.308(a)(5)(ii)(d) AC-7
AC-11
AC-12
IA-4
IA-5
64 Provide PCI scope Application, server, network devices and database user access (permission) list with business justification for each user – (No need to include the consumer user list for applications)

Also provide supporting system screenshot showing the current added users

Security Posture QA:
  1. Ensure all applications, OS and DB are in scope of evidence
  2. Ensure for each that there are no generic ids being used. This would include looking at user lists and also logs to ensure no users logging in using generic ids
 7.1.1 9.2.1
9.4.1		 D.8 S3.2, S3.4
C3.8, PI3.2
PI3.5, P8.2.2		 164.308(a)(3)
164.308(a)(4)
164.312(a)(1)
164.312(a)(2)(i)
164.312(d)		 AC-1
AC-2
AC-3
AC-14

Data Sheet: One Audit

Webinar: Compliance 101: HITRUST Update 2023

View Recording

Webinar: Compliance 101: Data Protection by Design

View Recording

Webinar: Data Protection by Design – The Multicert Way

View Recording

Webinar: Integrated Compliance – Collect Evidence Once, Certify to Many

View Recording

Webinar: Integrated Compliance – August 2018

View Recording

News: ControlCase New CEO Reinforces One Audit for Compliance with Multiple Regulations

September 8, 2020

News: ControlCase “One Audit” to help simplify compliance with the EU’s GDPR

May 23, 2018

News: ControlCase Partners with Jagged Peak for PCI DSS and HITRUST CSF Compliance using “One Audit”

February 29, 2016