The Cat's Whiskers

News about SAM for Compliance

September 21st 2018

UK NIS Directive - Cyber Assessment Framework - Added as a new SAM Framework

The implementation of the EU Security of Networks and Information Systems (NIS) Directive in May 2018 requires Competent Authorities (CAs) to have the ability to assess the cyber security of Operators of Essential Services (OES). In support of the UK NIS Directive implementation, the NCSC is committed to working with lead government departments, regulators and industry to develop a systematic method of assessing the extent to which an organisation is adequately managing cyber security risks in relation to the delivery of essential services. This assessment method, otherwise known as the Cyber Assessment Framework (CAF), is intended to meet both NIS Directive requirements and wider CNI needs.

May 31st 2018

Responsibility Report added. It is based on the Position/Title field and Department field set at the time a user is created. This report can be filtered by Department or by individual user. The default view filters on the logged-in user. The Workplan Responsibility drop-down box has been updated to enable the selection of individuals rather than generic positions.

PCI-DSS v3.2 updated to PCI-DSS v3.2.1
NIST Cybersecurity Framework (NIST CSF) added with requirements derived from NIST SP 800-53

March 28th 2018

SAM-Protect updated to February 2018 version of NIST SP 800-171

March 19th 2018

CIS Controls Version 7 is released, as is SAM-CIS Controls Version 7
New version of SAM-Security created based on the new version of CIS Controls
NZISM v 2.7 framework added

Tony has been an active contributor to the development of CIS Controls Version 7, which sees a simplification of many of the Controls and a move to have one 'ask' per sub-control (or requirement, as we call them within SAM for Compliance). We today announce new pricing for SAM-CIS Controls, reducing the subscription price to just US$70 per month or US$800 per year. It's our way of saying that we want organisations to adopt the CIS Controls and have an easy-to-use system to help assess, manage, improve, and report on compliance.

28th February 2018

Custom logo feature added. The logo that appears on SAM for Compliance pages and on reports can now be customised upon request.

12th February 2018

SAM for Compliance System update

  • A new icon added to the menu for a Full Compliance Report with printable option.  This report shows everything down to the requirement level
  • The ability to subscribe to multiple instances of the same framework, for where the organisation has multiple branches or provides multiple services and wishes to show compliance in each instance
  • Exemptions can be added during an Assessment, as Notes and Exceptions are
  • The addition of exceptions, exemptions and notes from the Assessment function without losing unsaved input. This is a fix to increase user friendliness: it takes the user away from the page to add these so that the Assessment remains as it was. This also affected Work Plans, so you now don't have to save the Work Plan to save your changes before adding an exception or exemption.
  • A new lock option has been added to Assessments to prevent further changes and preserve historic assessments
  • In Tasks, the completion date must be after the Task creation date
  • A new icon added to the menu for a Notes Report with printable options
  • Notes link will now also appear in the Action Register in the same manner that task links do for easy reference
  • Exemptions now require information to be loaded into a form the same as Exceptions
  • In the Action Register the Verify field has been renamed to Validation for users to record how they have validated that the action has been completed.  This was always the intention but the name verify caused some confusion.
  • New print options have been added to the Action and Task Registers to enable the printing of filtered lists
  • The ability for us to customise your status maturity model if you would prefer something other than the default which is percentage based
  • The system setup icon has been renamed to Help
  • A new online help system is also being developed and will be available by the end of March.  This will replace the current pdf documents

* * * * * *   New CyberSafe Programme for Small Business  * * * * * *

Cyber crime is becoming a big issue for businesses of all sizes, often resulting in serious financial loss. Often basic cybersecurity principles are not adhered to because small business owners and managers are not aware that there are simple and easy-to-achieve things that they can do to mitigate their risk without spending a fortune.

Here at SAM for Compliance we decided to do something to help small businesses by offering a very cost effective cybersecurity programme that is based around good internal process and a small amount of technology management. 

We are excited to announce our new CyberSafe Programme based on a new framework called SAM-Small Business especially created for businesses with up to 20 computer users.  As far as Standards go it is very small, containing only 26 very basic and pragmatic work plans that include technology requirements and internal process requirements. An initial assessment will take approximately two hours and progress towards full compliance can be measured and monitored over time.

A CyberSafe certificate will be issued on receipt of a 100% full compliance report provided by an independent assessor.

5th December 2017

A great deal has happened over the past six months and our list of available frameworks is growing. We now have the following available:-

  • SAM-Security Levels 1, 2 and 3 - These are pragmatic and achievable security standards based on CIS Controls and presented using similar Functions and Categories to the NIST Cybersecurity Framework. An organisation can start with level 1 and progress as they improve
  • Center for Internet Security - Cybersecurity Controls V6.1 Advanced, Foundation and SME versions - Three levels of the CIS Control standard that consolidate practical technical requirements for improving cybersecurity in organisations of all sizes
  • PCI-DSS V3.2 - The Data Security standard for the protection of Payment Card Information
  • NZISM v2.5 and 2.6 - New Zealand Government Information Security Manual - compliance is easy to measure with SAM status and reporting and easy to manage with SAM action and task managers
  • SAM Protect - NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal information systems and organizations with controls extrapolated from and cross referenced to CIS Controls, ISO 27002 and NIST SP 800-53r5
  • NIST SP 800-66 HIPAA Security Rule for the protection of information in the US Health Sector
  • NIST Cyber Security Framework (In progress and will be ready for release once the CSF is finalised in 2018) - Currently based on the latest 2017 draft of the CSF utilising NIST SP 800-53 r5 for the controls

30th November 2017

SAM for Compliance Ltd is the first Australasian partner in the Global Cyber Alliance which is an international cross sector effort dedicated to confronting cybersecurity risk and improving the connected world.

1st August 2017

SAM-HIPAA is launched!

20th July 2017

A new Exemption capability has been added to the SAM for Compliance workplans. This allows for individual requirements within a standard to be excised if they are not applicable in any way. Exempted items are added to an exemption register and the system automatically adjusts so that the exempted item is no longer considered within calculated compliance percentages.

1st May 2017

SAM-PCIDSS is launched!

14th March 2017

Development has started on SAM-PCIDSS. This system will incorporate all of the requirements and controls contained within PCI-DSS version 3.2 at launch and, like all SAM for Compliance based systems, is designed to make it easier to assess, manage, improve, and report against compliance with this standard.

12th March 2017

The cat is finally out of the bag! SAM for Compliance is now commercially available with SAM-CIS Controls, SAM-Security and SAM-NZISM being our first three compliance platforms.

11th March 2017

Testing and platform scaling is completed ready for commercial launch.

8th March 2017

Upload into the Azure platform is complete and final deployment and security testing is underway.

14th February 2017: NZISM Content Input is Complete

After the massive job of extracting 1549 action items out of the NZISM documentation and entering it into the SAM for Compliance engine via our management portal, the last of our launch standards is now complete and SAM-NZISM will be available as soon as we go live. We'll send a SAM for Compliance mug to the first person who can tell us which requirement has a duplicated entry in the NZISM documentation!

1st February 2017: In Beta

Final testing is well underway and the system is looking pretty good. As well as the CIS Controls based systems we are going to launch with a SAM for Compliance system for the New Zealand Information Security Manual. Anyone who has read through this manual will understand that it is a massive undertaking to implement and we firmly believe that SAM-NZISM will help by breaking the process down into manageable chunks as well as giving a clear view of what has been done... and what needs to be done.

28th January 2017: CIS Controls

It's great to see that CIS Controls has now been downloaded 60,000 times from the Center for Internet Security web site.

21st Nov 2016: The Launch

The little black cat had its first public outing at the Association of Local Government IT Manager's conference in Auckland and was very well received.

The SAM mugs we created for the show have become highly desirable items and the cat is well pleased with the response.