Mitigate risks to your mission-critical data and systems. Try our #1 ranked assessment tools risk free today!

Call +1 888-896-6207 to find out more.

The Continuum GRC ITAM SaaS platform has hundreds of plugin modules available such as:

  • FedRAMP SSP, SAP, SAR, FIPS 199
  • PCI ROC, SAQ
  • SOC 1, SOC 2 Attestation
  • CJIS SSP and SAR
  • DFARS 800-171 SSP and SAR
  • C5 Attestation
  • ISO 27001 workbooks
  • HIPAA Attestation
  • NIST 800-53 SSP and SAR
  • Countless more!

Let us know what you are looking for. Chances are it's already in our vast Solution Library.

Common Industry Solutions Offered

FedRAMP

The FedRAMP certification is the pinnacle for cloud service providers and provides the highest standard of certification assurances to your customers.

Modules include:

  • System Security Plan (SSP) High-Moderate-Low-Tailored
  • System Security Plan (SSP)
  • Security Assessment Report (SAR)
  • Security Assessment Plan (SAP)
  • Evidence Checklist
  • Plan of Action and Milestones (POA&M)
  • Customer Responsibility Matrix
  • Electronic Authentication (E-Authentication) Plan
  • Privacy Impact Assessment (PIA)
  • Rules of Behavior (RoB)
  • Information System Contingency Plan (ISCP)
  • CIS for SSP Low or Moderate Baseline
  • Federal Information Processing Standard (FIPS) 199 Categorization
  • Laws and Regulations
  • Integrated Inventory Workbook

HIPAA NIST 800-66

The HIPAA attestation is the only authorized compliance assessment for healthcare providers and provides the highest standard of assurances to your customers.

Modules include:

  • HIPAA NIST 800-66 System Security Plan (SSP)
  • HIPAA NIST 800-66 Security Assessment Report (SAR)
  • Health Information Technology for Economic and Clinical Health (HITECH) Act
  • Meaningful Use Stage 1
  • Meaningful Use Stage 2
  • Meaningful Use Stage 3
  • Federal Information Processing Standard (FIPS) 199 Categorization

NIST 800-53 High-Moderate-Low, Cyber Security Framework (CSF)

The 800-53 or CSF attestation is the most rigorous assessment available next to FedRAMP and provides the highest standard of attestation assurances to your customers.

Modules include:

  • NIST 800-53 System Security Plan (SSP)
  • NIST 800-53 Security Assessment Report (SAR)
  • Federal Information Processing Standard (FIPS) 199 Categorization
  • Plan of Action and Milestones (POA&M)

General Data Protection Regulation (GDPR)

The GDPR regulation is the only authorized compliance assessment for service providers processing EU citizen data and compliance is required annually.

Modules include:

  • GDPR Data Protection Impact Assessment

California Consumer Privacy Act (CCPA)

California-based businesses with revenues exceeding $25 million must meet the requirements of this stringent regulation. Additionally, companies around the world that collect or sell data on California residents or households may also need to comply.

Modules include:

  • CCPA Data Protection Impact Assessment
  • California Consumer Privacy Act (CCPA)

NIST Cyber Security Framework (CSF)

All businesses in the public and private sectors concerned about security will find the NIST CSF indispensable for both national and economic security. Even if you are not seeking FISMA attestation or certification, the NIST CSF is the best place to start securing your organization.

Modules include:

  • NIST CSF System Security Plan (SSP)
  • NIST CSF Security Assessment Report (SAR)
  • Federal Information Processing Standard (FIPS) 199 Categorization
  • Plan of Action and Milestones (POA&M)

National Institute of Standards and Technology (NIST)

NIST publishes hundreds of Special Publications, many with assessment frameworks, all of which are supported by Continuum GRC.

Modules include:

  • NIST 800-53 System Security Plan (SSP)
  • NIST 800-171 System Security Plan (SSP)
  • NIST 800-66 System Security Plan (SSP)
  • NIST 800-30 Risk Management
  • NIST 800-37 Risk Management
  • NIST 800-161
  • NIST 800-60
  • NIST 7621
  • NIST CSF System Security Plan (SSP)
  • NIST CSF Security Assessment Report (SAR)
  • Federal Information Processing Standard (FIPS) 199 Categorization
  • Plan of Action and Milestones (POA&M)

SEC, NFA & FINRA

Continuum GRC created the number one ranked IRM GRC audit software solution for SEC, NFA & FINRA audits that empowers you to prepare for an SEC, NFA & FINRA audit effectively while dramatically reducing costs in preparation for working with a third-party assessment organization.

Modules include:

  • FINRA SEC Cyber Security Report Card
  • FINRA - Small Firm Cybersecurity Checklist
  • COSO Summary of Deficiencies
  • COSO Enterprise Risk Management – Integrated Framework
  • COSO Internal Control – Integrated Framework

Securities and Exchange Commission (SEC)

The SOX attestation, based on the COSO framework, is the only authorized compliance assessment for SEC-registered companies and provides the highest standard of assurances to your customers.

Modules include:

  • Enterprise Risk Management – Integrated Framework
  • Internal Control – Integrated Framework

Defense Federal Acquisition Regulation Supplement (DFARS) and NIST 800-171

Continuum GRC is completely committed to you and your business' Defense Federal Acquisition Regulation Supplement (DFARS) and NIST 800-171 audit success. Regardless of whether you represent the private sector or the public sector, we stand ready to partner with your organization.

Modules include:

  • DFARS NIST 800-171 System Security Plan (SSP)
  • DFARS NIST 800-171 Security Assessment Report (SAR)
  • Federal Information Processing Standard (FIPS) 199 Categorization
  • Plan of Action and Milestones (POA&M)

Criminal Justice Information Services (CJIS)

The CJIS attestation is the only authorized compliance assessment for service providers in the law enforcement industry and provides the highest standard of assurances to your customers.

Modules include:

  • CJIS System Security Plan (SSP)
  • CJIS Security Assessment Report (SAR)
  • Plan of Action and Milestones (POA&M)
  • Federal Information Processing Standard (FIPS) 199 Categorization

PCI DSS QSA and SAQ

The PCI DSS certification is the only authorized compliance assessment for merchants and service providers who process credit cards. It is required for all businesses processing credit cards to be certified annually.

Modules include:

  • Level 1 Merchant and Service Provider ROC and AOC
  • Level 2, 3, and 4 SAQ A
  • Level 2, 3, and 4 SAQ A-EP
  • Level 2, 3, and 4 SAQ B
  • Level 2, 3, and 4 SAQ B-IP
  • Level 2, 3, and 4 SAQ C
  • Level 2, 3, and 4 SAQ C-VT
  • Level 2, 3, and 4 SAQ D Merchants
  • Level 2, 3, and 4 SAQ D Service Providers

NERC CIP & 693

Continuum GRC created the number one ranked IRM GRC audit software solution for NERC CIP audits that empowers you to prepare for a NERC CIP audit effectively while dramatically reducing costs in preparation for working with a third-party assessment organization.

Modules include:

  • NERC CIP-004: Personnel and Training
  • NERC CIP-006: Physical Security of Critical Cyber Assets
  • NERC CIP-010: Configuration Change Management and Vulnerability Assessment

International Organization for Standardization (ISO)

Continuum GRC created the number one ranked IRM GRC audit software solution for ISO audits that empowers you to prepare for an ISO audit effectively while dramatically reducing costs in preparation for working with a third-party assessment organization.

Modules include:

  • ISO 27001
  • ISO 27002
  • ISO 27005
  • ISO 17020

Federal Information Security Management Act (FISMA)

Continuum GRC created the number one ranked IRM GRC audit software solution for NIST 800-53 audits that empowers you to prepare for a FISMA audit effectively while dramatically reducing costs in preparation for working with a third-party assessment organization (3PAO).

What are you waiting for?

You are just a conversation away from putting the power of Continuum GRC to work for you. Contact us using the form below or call us at 1-888-896-6207 for immediate assistance.

Amazing Benefits

Yes, we do gush, but it's clear we have the stuff that matters. Check out this list of features. We stopped only because we ran out of room, but the list does go on and on.

  • No More Spreadsheet Madness! Our advanced collection architecture, big data capabilities and real-time dynamic document generation output eliminate all of your pain points
  • Integrates IT governance, policy management, risk management, compliance management, audit management, and incident management
  • Helps create, measure, monitor, and manage IT governance programs based on leading control frameworks such as COBIT, FedRAMP, COSO, SOC 1, SOC 2, DFARS, CJIS, ISO, NIST, ITIL and all others
  • Enables an automated and workflow driven approach to managing, communicating, and implementing IT policies and procedures across the enterprise
  • Evidence management utilizing our Cryptochain of Custody blockchain technology
  • Cascade Mapping automatically cross-maps your work to all other frameworks
  • Intelligent logic controls provide a platform for users that is meaningful, more time efficient, more cost efficient and phenomenally faster
  • Intuitive communication capabilities keeping delegates and executive management updated in real time
  • Dynamic reporting and risk illustrations that provide intelligence from the macro to the micro scale in real time
  • Enhance the performance of human capital with collaboration groups, dynamic data updates, reduced complexity and expedited report generation
  • Contains a centralized repository of all IT compliance requirements with associated controls and automated information flows for audits, assessments, and testing
  • Provides a versatile issue management system for capturing and tracking IT issues, incidents, deficiencies, and threats as well as for implementing corrective action and remediation plans
  • Rapid automation of report creation with substantial cost savings across the enterprise
  • Provides an automated mechanism for managing IT surveys, questionnaires, certifications, self-assessments, and audits in a consistent and reliable manner
  • Provides an integrated and flexible framework for documenting and analyzing IT risks, developing mitigation plans, defining controls, and managing ongoing risk assessments
  • Contains embedded content based on standard frameworks and regulations such as FedRAMP, SSAE 18 SOC 1, AT 101 SOC 2, CJIS, DFARS, GDPR, COSO, COBIT, ISO 27001, ISO 27002, ISO 27005, SOX, FFIEC, PCI, GLBA, HIPAA, CMS, NERC CIP and all others
  • Provides technology connectors (APIs) to support the automated measurement and reporting of IT controls via integration with third-party products
  • Provides clear visibility into key risk indicators, assessment results, and compliance initiatives with integrated reporting of self-assessments, manual assessments, and automated controls
  • Provides access to harmonized controls that cover various compliance requirements including FedRAMP, SSAE 18 SOC 1, AT 101 SOC 2, CJIS, DFARS, GDPR, COBIT, ISO 27001, ISO 27002, ISO 27005, SOX, FFIEC, PCI, GLBA, HIPAA, CMS, NERC CIP and other federal and state mandates
  • Establishes an identity governance framework and role-based access controls to manage entitlements and Segregation of Duties (SoD)
  • Facilitates the Green IT compliance initiative to support clean data center energy management
  • Highly secured 3-factor authentication (Yes, 3 Factor!) required at all levels, ensuring high data security standards
  • Advanced role-based access controls ensure those with a need to know do objectives
  • IT GRC processes and enterprise GRC programs are unified, which eliminates silos, standardizes processes, reduces expenses and improves collaboration
  • Expedient year over year analysis and reporting capabilities continue to drive down wasted time and money
  • Enterprise security functionality you’d expect from an enterprise solution
  • We support 26 languages and counting!

Want to Learn More?

A SOC 2 Type 2 report is crucial when selecting a cloud service vendor

Cloud Security: Understanding SOC 2 Type 2 Attestations

Understanding the Updated SOC 2 Trust Services Criteria

The FedRAMP Assessment Process: Tips for Writing a FedRAMP SSP