An Infinite Library of audit software modules and supporting services from the experts. Call +1 (888) 896-6207

Have you ever browsed the Infinite Library before?

Browse the extensive library list below and find the Audit & Compliance modules that meet your IRM and GRC needs. You may also contact us to get immediate assistance with selecting the right solution for your organization.

If you don't see the GRC module you are looking for we can easily build it for you.

The beautiful reality with Continuum GRC is that the only limit to how applicable and beneficial it can be to your organization is your imagination. It’s true! We continue to add modules to our already extensive library of ITAM IT audit software, but our creative clients also inspire us every day with their innovative use of the ITAM IT audit software system.

What is an assessment, or what is a compliance framework, anyway? We all realize it is a series of intelligently structured questions, the collection of evidence and artifacts, and the production of meaningful reports and information. All of this core functionality is at the heart of ITAM IT audit software and available to everyone.

As the reliance of business operations on Information Technology (IT) increases, IT environments will continue to become more complex, exposing organizations to a wide array of risks, threats, and vulnerabilities that have a direct impact on the performance of the enterprise. Moreover, several government regulations that focus on information privacy and security have emerged in recent years to safeguard consumer information and ensure corporate accountability. Compliance with these laws and mandates requires effective planning, designing, and ongoing administration of IT systems.

Schedule some time with our Superheroes!

We always say “Work Smarter, Not Harder” here at Continuum GRC and so can you!

This is not a complete list of modules in our Infinite Library; but it’s a great example! Let us know what you need and schedule a demonstration today.

Payment Card Industry PCI modules

  • Level 1 Merchant
    • PCI DSS RoC
    • PCI DSS AOC – Merchants
    • PCI DSS Appendix E: Explanation of Requirements Not Tested
    • PCI DSS Appendix D: Explanation of Non-Applicability
    • PCI DSS Appendix C: Compensating Controls Worksheet
    • PCI DSS Appendix A: Additional Requirements for Shared Hosting Providers
    • PCI DSS Action Plan for Non-Compliant Requirements
  • Level 1 Service Provider
    • PCI DSS RoC
    • PCI DSS AOC – Service Providers
    • PCI DSS Appendix E: Explanation of Requirements Not Tested
    • PCI DSS Appendix D: Explanation of Non-Applicability
    • PCI DSS Appendix C: Compensating Controls Worksheet
    • PCI DSS Appendix A: Additional Requirements for Shared Hosting Providers
    • PCI DSS Action Plan for Non-Compliant Requirements
  • Level 2, 3 and 4
    • SAQ A
    • AOC SAQ A
    • SAQ A-EP
    • AOC SAQ A-EP
    • SAQ B
    • AOC SAQ B
    • SAQ B-IP
    • AOC SAQ B-IP
    • SAQ C
    • AOC SAQ C
    • SAQ C-VT
    • AOC SAQ C-VT
    • SAQ D – Merchants
    • AOC SAQ D – Merchants
    • SAQ D – Service Providers
    • AOC SAQ D – Service Providers
    • AOC extra form for Service Providers – Section 2g

SSAE 18 (SOC 1) and AT 101 (SOC 2, SOC 3)

  • SOC 1 Type 1
  • SOC 1 Type 2
  • SOC 2 Type 1 – Security
  • SOC 2 Type 2 – Security
  • SOC 2 Type 1 – Privacy
  • SOC 2 Type 2 – Privacy
  • SOC 2 Type 1 – Confidentiality
  • SOC 2 Type 2 – Confidentiality
  • SOC 2 Type 1 – Processing Integrity
  • SOC 2 Type 2 – Processing Integrity
  • SOC 2 Type 1 – Availability
  • SOC 2 Type 2 – Availability

FedRAMP

  • FIPS 199 – Standards for Security Categorization of Federal Information and Information Systems
  • NIST Special Publication 800-53 – Security and Privacy Controls for Federal Information Systems and Organizations
  • Security Assessment Plan (SAP)
  • Security Assessment Report (SAR)
  • Electronic Authentication (E-Authentication) Plan
  • Information System Security Policies and Procedures
  • Configuration Management (CM) Plan
  • Control Implementation Summary (CIS)
  • CIS Worksheet
  • Integrated Inventory Workbook
  • IT Contingency Plan (CP)
  • Incident Response Plan (IRP)
  • Privacy Threshold Analysis (PTA) / Privacy Impact Assessment (PIA)
  • User Guide
  • Rules of Behavior (ROB)
  • Signature Page
  • AC Access Control
  • AT Awareness and Training
  • AU Audit and Accountability
  • CA Security Assessment and Authorization
  • CM Configuration Management
  • CP Contingency Planning
  • IA Identification and Authentication
  • IR Incident Response
  • MA Maintenance
  • MP Media Protection
  • PE Physical and Environmental Protection
  • PL Planning
  • PS Personnel Security
  • RA Risk Assessment
  • SA System and Services Acquisition
  • SC System and Communications Protection
  • SI System and Information Integrity
  • PM Program Management
  • Information System Contingency Plan (ISCP)
  • Plan of Action and Milestones (POA&M)
  • CIS for SSP Low or Moderate Baseline
  • CIS for SSP High Baseline
  • CIS Customer Responsibility Matrix for SSP Low or Moderate Baseline
  • CIS Customer Responsibility Matrix for SSP High Baseline
  • System Security Plan (SSP) and SSP Attachments
  • Low Readiness Assessment Report (RAR)
  • Moderate Readiness Assessment Report (RAR)
  • High Readiness Assessment Report (RAR)

FedRAMP+ DoD IL

  • FedRAMP+ System Security Plan, Information Impact Level 2 (Non-Controlled Unclassified Information)
  • FedRAMP+ System Security Plan, Information Impact Level 4 (Controlled Unclassified Information)
  • FedRAMP+ System Security Plan, Information Impact Level 5 (Controlled Unclassified Information) – Do It Yourself
  • FedRAMP+ System Security Plan, Information Impact Level 5 (Controlled Unclassified Information) – Cybervisor Supported
  • FedRAMP+ System Security Plan, Information Impact Level 6 (Classified Information up to SECRET)

Risk Assessment & Management

  • ISO/IEC 27005 – Information Technology – Security Techniques – Information Security Risk Management
  • NIST Special Publication 800-37 – Guide for Applying the Risk Management Framework to Federal Information Systems
  • NIST Special Publication 800-30 – Guide for Conducting Risk Assessments
  • COSO 2017 Enterprise Risk Management
  • Vendor Risk Management
  • Third-Party Risk Assessment and Management
  • Integrated Risk Management (IRM) Dashboard
  • Physical Security Risk Assessment
  • Site Visit Security Risk Assessment

HIPAA

  • NIST 800-66 – An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
  • HITECH – Health Information Technology for Economic and Clinical Health (HITECH) Act
  • Meaningful Use Stage 1
  • Meaningful Use Stage 2
  • Meaningful Use Stage 3

Criminal Justice Information Services (CJIS)

  • Security Assessment Plan (SAP)
  • Security Assessment Report (SAR)
  • AC Access Control
  • AT Awareness and Training
  • AU Audit and Accountability
  • CA Security Assessment and Authorization
  • CM Configuration Management
  • CP Contingency Planning
  • IA Identification and Authentication
  • IR Incident Response
  • MA Maintenance
  • MP Media Protection
  • PE Physical and Environmental Protection
  • PL Planning
  • PS Personnel Security
  • RA Risk Assessment
  • SA System and Services Acquisition
  • SC System and Communications Protection
  • SI System and Information Integrity
  • PM Program Management
  • Plan of Action and Milestones (POA&M)

Defense Federal Acquisition Regulation Supplement (DFARS)

  • Security Assessment Plan (SAP)
  • Security Assessment Report (SAR)
  • AC Access Control
  • AT Awareness and Training
  • AU Audit and Accountability
  • CA Security Assessment and Authorization
  • CM Configuration Management
  • CP Contingency Planning
  • IA Identification and Authentication
  • IR Incident Response
  • MA Maintenance
  • MP Media Protection
  • PE Physical and Environmental Protection
  • PL Planning
  • PS Personnel Security
  • RA Risk Assessment
  • SA System and Services Acquisition
  • SC System and Communications Protection
  • SI System and Information Integrity
  • PM Program Management
  • Plan of Action and Milestones (POA&M)

NIST FISMA

  • NIST Special Publication 800-30 – Guide for Conducting Risk Assessments (Risk Management)
  • NIST Special Publication 800-37 – Guide for Applying the Risk Management Framework to Federal Information Systems (Risk Management)
  • NIST Special Publication 800-53 – Security and Privacy Controls for Federal Information Systems and Organizations (NIST, FISMA, FedRAMP)
    • AC Access Control
    • AT Awareness and Training
    • AU Audit and Accountability
    • CA Security Assessment and Authorization
    • CM Configuration Management
    • CP Contingency Planning
    • IA Identification and Authentication
    • IR Incident Response
    • MA Maintenance
    • MP Media Protection
    • PE Physical and Environmental Protection
    • PL Planning
    • PS Personnel Security
    • RA Risk Assessment
    • SA System and Services Acquisition
    • SC System and Communications Protection
    • SI System and Information Integrity
    • PM Program Management
  • NIST Special Publication 800-66 – An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (HIPAA, NIST, FISMA)
  • NIST Special Publication 800-171 – Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations (NIST, FISMA)
  • NIST Framework for Improving Critical Infrastructure Cybersecurity
  • Security Assessment Report (SAR)

NIST Special Publications

  • NIST Special Publication 800-30 – Guide for Conducting Risk Assessments
  • NIST Special Publication 800-37 – Guide for Applying the Risk Management Framework to Federal Information Systems
  • NIST Special Publication 800-53 – Security and Privacy Controls for Federal Information Systems and Organizations
  • NIST Special Publication 800-66 – An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
  • NIST Special Publication 800-171 – Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations

GDPR

  • GDPR Data Protection Impact Assessment (DPIA)
  • General Data Protection Regulation (GDPR) Readiness Assessment

NERC CIP

  • NERC CIP-002: BES Cyber System Categorization
  • NERC CIP-003: Security Management Controls
  • NERC CIP-004: Personnel and Training
  • NERC CIP-005: Electronic Security Perimeter(s)
  • NERC CIP-006: Physical Security of BES Cyber Systems
  • NERC CIP-007: System Security Management
  • NERC CIP-008: Incident Reporting and Response Planning
  • NERC CIP-009: Recovery Plans for BES Cyber Systems
  • NERC CIP-010: Configuration Change Management and Vulnerability Assessments
  • NERC CIP-011: Information Protection

FINRA & Sarbanes Oxley

  • FINRA, SEC and NFA Cybersecurity Report Card
  • FINRA – Small Firm Cybersecurity Checklist
  • COSO 2017 Framework
  • COSO 2017 Enterprise Risk Management
  • COSO 2017 – Summary of Deficiencies
  • Anti-Money Laundering (AML) Program Compliance and Supervisory Procedures
  • Business Continuity Plan for Small Introducing Firms
  • Identity Theft Red Flags Rule
  • New Account Application

ISO

  • ISO 17020 Quality Standards: Business Operating Quality Manual File
  • ISO/IEC 27001 – Information Security Management
  • ISO/IEC 27002 – Information Technology – Security Techniques – Code of Practice for Information Security Controls
  • ISO/IEC 27005 – Information Technology – Security Techniques – Information Security Risk Management

Policies & Governance

  • Information Systems and Technology Security Charter
  • Information Systems and Technology Security Policy
  • Asset Identification and Classification Standard
  • Information Classification Standard
  • Information Labeling Standard
  • Asset Protection Standard
  • Access Control Standard
  • Remote Access Control Standard
  • Physical Access Control Standard
  • Encryption Standard
  • Availability Protection Standard
  • Integrity Protection Standard
  • Anti-Virus Standard
  • Information Handling Standard
  • Auditing Standard
  • Asset Management Standard
  • Configuration Management Standard
  • Change Control Standard
  • System Development Life Cycle Standard
  • Life Cycle Management Standard
  • Legal Hold Management Standard
  • Case Management Guidelines
  • Acceptable Use Standard
  • Internet Acceptable Use Standard
  • Social Computing Guidelines
  • Electronic Mail Acceptable Use Standard
  • Telecommunications Acceptable Use Standard
  • Software Acceptable Use Standard
  • Misuse Reporting Standard
  • BYOD Acceptable Use Standard
  • Vulnerability Assessment and Management Standard
  • Vulnerability Assessment Standard
  • Vulnerability Management Standard
  • Threat Assessment and Monitoring Standard
  • Threat Assessment Standard
  • Threat Monitoring Standard
  • Incident Response Standard
  • Security Awareness Standard
  • Management Security Awareness Standard
  • New Hire Security Awareness Standard
  • Employee Ongoing Security Awareness Standard
  • Third Party Security Awareness Standard
  • Security Awareness Accessibility Standard
  • End User Computing and Technology Policy
  • Change Advisory Board Charter
  • Policy Acknowledgement Form
  • Security Incident Report
  • Notice of Policy Noncompliance
  • Universal Access Control Form
  • Request for Policy Exemption
  • Non-Disclosure Agreement
  • Employee Confidentiality Agreement
  • Hold Harmless Indemnification Addendum
  • Compliance Matrix
  • Incident Response Plan

Vulnerability & Penetration Testing

  • Penetration Testing and Vulnerability Assessment Progress Report

Call us and schedule a demonstration today!