Session 1 Flashcards

1
Q

Overview / Context / Purpose

A

When discussing ControlMap with a partner for the first time, you should try to get some background on the partner’s relationship with compliance and/or compliance as a service.

  • What spurred their decision to sign up for ControlMap?
  • Is there an immediate compliance need for them or for one of their clients?

Many partners use their own company as their first tenant (what ControlMap calls companies created in the MSP portal), and this allows them to become more familiar with the tool in a way that benefits both themselves and their customers.

  • What spurred their decision to sign up for ControlMap?
  • Is there an immediate compliance need for them or for one of their clients?

The obvious answer here would be that they want an additional service offering, but there’s likely more to it than this.

  • Have they experienced something like a breach that left them feeling vulnerable?
  • Have they received a 3rd party risk assessment questionnaire from one of their vendors that made them question their own practices?
  • Have they offered compliance as a service before and were unable to make it work for them?

Establishing this context is important for setting expectations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Compliance Timeline

A

Letting them know how long these things typically take.

Set some expectations on the timeline and how continuous compliance works.

If you’re unfamiliar with compliance, you may think that it just involves a mad rush of completing documentation and collecting evidence within a period of weeks or months, but this isn’t the case.

Some partners may think “I need to get certified for X framework ASAP because if I don’t, I’ll lose a deal!” or “We need to get this work out of the way so we can say it’s done and move on.”

Compliance is not a one-off project, and it needs to be treated as an ongoing effort. It’s more like housekeeping than graduating.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

MSP Portal

A

For the vast majority of ControlMap partners, the ControlMap MSP portal is their primary method for accessing ControlMap.

The first CM onboarding session should include an overview of the MSP portal and creation of the partner’s first tenant.

MSPs can log in to their MSP portal to create “tenants” (single instances of ControlMap) for their customers, and their own credentials are tied to the MSP portal as a one-stop shop to access their customers’ tenants and manage certain aspects of these tenants globally.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Dashboard

A

You can view your active tenants in the Dashboard (default landing page) section in this “Card” view or the “List” view.

You can toggle between either view in the upper left corner of the Dashboard.

“Card” and “List” views contain the same information and the only difference is how this information is presented.

The “Source” is referring to how the tenant was created, either Manually or via an integration with a different system (Nodeware, CyberCNS, Scalepad, Breach Secure Now or Threatmate).

“Last Update” will be updated if/when any user activity has been recorded in the tenant.

”Compliance Health” is derived from the status of tasks in the tenant, and “Risk Level” is pulled from the metrics within the Risk Register section of the tenant.

“Frameworks” lists the frameworks that have been selected in the tenant.

”Pre-assessment” will only show progress if the active tenant was once a “Prospect” and the pre-assessment questionnaire in the portal was filled out.

Prospects are primarily created via Integrations as a way to pre-populate potential tenants with assets and information from the integration.

You can filter for prospects in the portal and can begin the pre-assessment by selecting “Start.”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Frameworks

A

A collection of controls that is created and maintained by an organization.

The framework an organization chooses to follow will determine their overall scope of work when pursuing compliance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Quick Start

A

Your Setup Guide - A subcategory to the Framework.

This is how you can populate a Tenant with more relevant information, relative to the framework.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Assessments (Deep Dive) (Gap Analysis)

A

Assessing where the biggest gaps of compliance are relative to a framework that has been selected.

This will give them an understanding of where they need to start.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Vendors

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Risk Register

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Action Items / Findings

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly