FAQ

Q. What is BAP PolicySecure™?

A. BAP PolicySecure™ is an evidence-based, on-demand risk assessment software tool that reports, in real time, the health condition of an organization's compliance standards and objectives.

Q. How does my organization use BAP PolicySecure™?

A. Compliance Officers, GRC Managers, CISOs, CIOs and even CEOs use the BAP PolicySecure™ dashboard to observe their organization's compliance health status weekly, daily or even hourly. Whether tracking industry regulations like GDPR, PCI or HIPAA, or internal system security standards like NIST 800-53, BAP PolicySecure™ links your objectives to evidence, automating health visibility at the enterprise-wide, policy-specific or individual-control level.

Q. Is BAP PolicySecure™ a GRC tool or an IT security tool?

A. BAP PolicySecure™ fills the space, sometimes referred to as the "blind spot", that sits between Compliance and IT operations. By mapping an organization's IT event evidence to GRC objectives, BAP gives organizations instant visibility into policy health condition and provides a constant state of readiness for audit, proof of due diligence, regulatory accountability and senior management visibility.

Q. What types of regulations can I use with BAP PolicySecure™?

A. Any regulation or policy objective that you want. Whether technical or non-technical, BAP can process any policy control language. BAP provides a growing menu of pre-packaged policy standards for your ease and convenience. Simply select and import a policy of your choosing, or create your own policy and control package from scratch. Currently available policies include GDPR, PCI, HIPAA, FISMA, FedRAMP, DFARS, NERC, COBIT, SEC and many more. Additionally, BAP contains over 3,500 NIST 800-53 and CSF security controls and sub-objectives.

Q. Who maintains implementation and ownership of this type of tool?

A. There is an evolution in progress as organizations begin to realize the value of complete GRC and IT Security alignment. BAP PolicySecure™ is proving itself as a catalyst for driving these improvements. Depending on the circumstances, the owner could be the Chief Compliance Officer, CISO, CIO, COO or even the CEO. The key is for the individual or team to have the authority to drive accountability in both areas.

Q. What is required for BAP implementation?

A. Running BAP requires a standard virtual machine setup. Initial groundwork includes importing policy control language and establishing event log ingestion via SIEM or log aggregation tools. Once calibrated, BAP runs on a timed schedule of your choosing, or streams in real time, to produce dashboard insight into compliance objectives.