Adopting a new framework

What does your team consider when thinking about adopting a new framework? How do you perform that evaluation?

GRC Q&A
All Replies

  • When adopting a new framework, it’s important to consider the business objectives you are trying to accomplish. Most B2B companies will require reports such as a SOC 2 or ISO certification as a starting point, while B2C companies may need to consider PCI.

    To evaluate a starting framework that’s appropriate for your organization, or to consider the additional frameworks to adopt, consider the following:
    – What is your product?
    – Who is your client?
    – What information does your client require around your cyber security posture?
    – If you were to explore a framework, how many deals in your existing pipeline would be assisted? What clients could you pursue that you aren’t able to now because of information security?
