TrustCloud Common Controls Framework (TCCCF)

The TCCCF is a comprehensive set of controls developed from the common requirements of various industry security and privacy frameworks, such as NIST, ISO, SOC, and HITRUST. Since most frameworks have the same underlying security and privacy requirements, TrustCloud has created the TCCCF to focus on the fundamental controls shared among common regulatory compliance regimes. Adopting the TCCCF enables meeting requirements for many security and privacy standards, such as SOC 2, ISO 27001, HIPAA, GDPR, and so forth.

The TCCCF includes 200+ controls and is currently aligned with SOC 2, HIPAA, ISO 27001, ISO 9001, GDPR, CCPA, ISO 27701, CMMC L1 and L2, NIST Cybersecurity, NIST 800-171, and NIST 800-53.

The TCCCF is updated at least quarterly with new controls, and existing controls are revised to align better with framework updates and changes.

Objectives of TCCCF

The regulatory compliance space continues to grow and change rapidly. Organizations are flooded with compliance requirements, and dealing with them all is challenging. TCCCF is an attempt at taking the worry away and figuring out the compliance requirements for you. Our curated framework compiles all the key requirements and gives you a set that is easy to use. TCCCF is developed by focusing on the common underlying requirements across standards and drafting controls to meet those requirements.

This methodology allows the TCCCF controls to be framework-agnostic! Meet a control once and comply with many other standards. When you work towards a specific framework, the bulk of the work (70–80%) is already done by the TCCCF.

Benefits of using TCCCF

TCCCF focuses on the overall security and best privacy practices of your organization. It is a good first step and an effective way to prevent and mitigate cybersecurity risks. Using a general controls framework can help any organization demonstrate a security and compliance posture to its auditors or to its customers. The TCCCF is mapped to many compliance frameworks and allows you to easily adopt or expand into different compliance frameworks. The benefits of using TCCCF are:

  • Getting a baseline set of controls and evidence requirements for security and privacy to help get a head start on compliance
  • Easy adoption of multiple compliance frameworks
  • Efficiency gained through combined audits (the same evidence can be used across audits, so combining all your audits at once gives your team time back and makes audits a joyful process again)
  • Joyful compliance, meaning the control owner only has to worry about a control once and meet many standards
  • Benchmarks for other compliance frameworks
  • Mapping TCCCF controls to your policies so that you can measure policy and compliance risk
