Compliance Support

Here’s how we use Thrivaca for Compliance Support. Let’s say that the regulators have highlighted a series of, say, five MRAs, or “matters requiring attention”, and are requiring recurring reporting on your progress against the requirements that have been laid out. Typically, the regulator will require demonstrated progress toward a goal of improvement in cyber capabilities. As a specific case, let’s say that a regulator is requiring improvement in configuration management.

Now we’re able to show the regulator that we’re tracking the threat and vulnerability linkage and associated effects with respect to this particular capability that they’re focused on, and all of this is expressed in the relevant regulatory language, including reference back to the specific regulation in question.

[Figure: CM Threats]

[Figure: CM threat linkages]

Now let’s look at our timeline analysis.

[Figure: CM tracking]

You’ll see that we can take those capabilities the regulators have asked us to improve, and we can now illustrate the pacing and results of the improvements and remediation activity we’re taking.

We can also now have a discussion with the regulators around where compliance sign-off may be expected, since in the real world most capabilities cannot be elevated to a level of 100%. We’re finding that before Thrivaca, customers not only lacked the ability to chart their progress in this way for their regulators, but also lacked enough visibility into these compliance levels to run a properly informed compliance program tied to specific actions.
