Scottsdale, Arizona, November 15, 2021 (Continuumgrc.com) – Continuum GRC, Inc. has been granted its FedRAMP Authorization by the Federal Risk and Authorization Management Program (FedRAMP) program.

“I’d like to personally thank the SBA’s Branch Chief for Security Policy & Compliance and Office of the Chief Information Officer, and those members of the FedRAMP PMO who supported our interesting use case. It has been our mission to help the small business community that is America's economic engine, and we are looking forward to doing great things together.” said Michael Peters, CEO of Continuum GRC.

The United States Small Business Administration (SBA) partnered with Continuum GRC for FedRAMP Authorization following an extensive period of evaluation of our tool. Their interest was how the tool scaled GRC capabilities to not only the SBA’s internal requirements, but also to the multitude of America’s small businesses they supported.

Read More

You’ve studied ISO 27001 and, either internally or through the help of a security partner, you’ve implemented the security controls and practices therein to achieve compliance. Now, per ISO standards, it’s on you to continually monitor your ISMS, measure performance and effectiveness, and determine success. With complex ISMS, however, this can seem like a daunting prospect. Thankfully, ISO provides a framework for monitoring and measurement in the 27000 series–the ISO 27004 publication on monitoring, measurement, analysis and evaluation of information technology. 

As part of our series on the ISO 27000 series, we turn to ISO 27004 to highlight the importance of system monitoring and evaluation from the perspective of this particular framework. 

Read More

Of all the upheavals and challenges we’ve seen in the past few years; cybersecurity is one of the most important topics emerging in 2021. Newsworthy attacks on SolarWinds and Colonial Pipelines have prompted the White House to release an executive order dictating a new set of collective cybersecurity standards for government agencies and contractors. Following that, private companies associated with the supply chain have also begun to adopt stricter security controls based on their risk profiles and reliance on cloud-based service providers. All of these organizations, from agencies to contractors to utility companies, are turning to cybersecurity as-a-service models to meet these demands. 

It seems like everything is “a service” these days, but it is important to realize that as modern cybersecurity threats evolve, it’s nearly impossible for individual organizations to keep up. Dedicated, expert compliance and security firms are rising to fill the gap and keep our systems safe. 

Read More