C2C SmartCompliance: GRC Firm Offers Point-and-Click Solution for Conducting AssetRisk Assessments

Steve Crutchley, Founder & CEO
With more and more CIOs being asked to conduct asset risk assessments, a Virginia GRC firm has unveiled a point-and-click solution that won’t break the budget. “Our tools have been engineered to give CIOs full line of sight across the organization’s risk landscape and to help them identify steps they can take to mitigate risk in a familiar drag-and-drop interface,” explains Steve Crutchley, founder and CEO of C2C SmartCompliance (c2csmartcompliance.com). Crutchley’s firm offers a trio of easy-to-use web- or enterprise-based risk management and compliance solutions that can be tailored for implementation.

Depending on the specific needs of the organization, many CIO's will be more than satisfied with the firm’s My Risk Assessor™, product, which was designed specifically for conducting risk assessments and business Impact Assessments (BIA). This includes everything from the risks associated with products and services to personnel, hardware, software, and infrastructure — essentially any type of risk outside the traditional realm of finance. My Risk Assessor™ gives CIOs the capability to map a business impact analysis to a specific asset, owner, requirement or regulation.

“Since all assets are subject to threats and vulnerabilities, our products come preloaded with capabilities to detect and prioritize series of possible threats, vulnerabilities, and mitigating controls,” according to Crutchley, whose firm has more than 25 years of Governance, Risk and Compliance auditing and consulting experience.

My Risk Assessor™ includes an automated statement of applicability (SoA), automated risk treatment plans, gap analyses reports and comparative analyses. Other features include:

• Easy-to-use interface
• Structured approach and proven methodology
• Customizable weighting capability according to the importance of assets
• Customizable risk scenarios
• Prepopulated threat libraries
• Ability to add new threats
• Automated reporting of threats, vulnerabilities and controls
• Customizable properties
• Interactive report capability
• Automated Statement of Applicability (SoA) for ISO/IEC 27001
• Automated risk treatment plans
• Customizable CIA values
• GAP analysis reports
• Comparative analysis
• Customizable impact values
• Customizable probability values
• Control prioritization
• Search capability
• Run assessments
• Customized corporate branding
• Exportable to CSV format
• Business Impact Analysis component with template options
• Assessment interface (CAP)

In addition to the asset risk functionality, compliance Assessment Professional™ and Compliance Mapper™ are much more encompassing solutions that automate the tedious task of regulatory compliance by mapping the relationships among requirements and identifying the most critical ones.

As new requirements are added and removed, CIO scan see any potential changes that will be needed to the organization’s overall policies, procedures and workflow — before they are implemented, giving the organization time to make necessary adjustments. C2C SmartCompliance’s clientele includes both large and medium-sized companies in the banking, financial, healthcare, power, manufacturing, and technology industries. “We have been able to give all of our customers’ detailed insight into subtle changes in their systems that they might not have otherwise noticed without our interactive solutions,” Crutchley says.

Our software makes the compliance process more efficient and allows companies to create meaningful reports

The company is constantly growing and has amassed a track record of producing good results for its clients over the years. In addition to the firm’s innovative compliance technology, C2C SmartCompliance is also emerging as a content provider with a library of more than 2,000 regulations, standards, and best practices. “Unlike other content providers operating in the GRC space, we can provide added value with mappings that highlight hidden relationships,” concludes Crutchley.

C2C SmartCompliance

Alexandria, VA

Steve Crutchley, Founder & CEO

Providing extensive expertise in information security, risk management, and regulatory/standards compliance.