Maintaining standards and regulations offered in Risk Cloud's Control Repository
Risk Cloud Control Content
All of the control sets offered in our Control Repository are industry-standard frameworks or regulations. You can view Risk Cloud's existing content by visiting LogicGate's Risk Cloud Exchange.
Many of these control frameworks are typically managed by stakeholders within the IT Security, Privacy, or Compliance functions in organizations. Content in the Control Repository can be linked to any of your custom Applications or any of Risk Cloud's Applications.
Control Mappings
We can provide mappings between the control sets listed above via the Secure Controls Framework, a comprehensive catalog of controls that maps across various statutory, regulatory, and contractual frameworks.
Risk Cloud can also support control mappings via the HITRUST CSF® for any customers who have their own, current HITRUST MyCSF® subscription.
Control Licensing
Several of our offered control frameworks require additional licensing prior to use in Risk Cloud. It is ultimately up to each customer organization to determine what the appropriate license count is for their organization based on their needs. Frameworks requiring additional licensing include:
- ISO 27001 - requires ISO 27001 license
- ISO 27002 - requires ISO 27002 license
- ISO 27017 - requires ISO 27017 license
- ISO 27018 - requires ISO 27018 license
- ISO 27077 - requires ISO 27701 license
- HITRUST CSF - requires HITRUST MyCSF license
Prior to importing the above standard or regulations, your organization will be asked to attest and certify that you maintain a valid license for the applicable standard or regulation and that your organization’s authorized Risk Cloud users will comply with all restrictions and terms of use set forth in said license when utilizing the standard or regulation in connection with the Service. When required by third-party licensing terms and conditions, LogicGate may require customers to provide proof they are licensed to use the third-party content.
Obtaining Control Repository Content
If you're interested in having any of these controls* loaded to your environment, please reach out to your LogicGate account team.
*Please note that before any ISO content may be loaded in your environment, we will require confirmation that you have a valid license to the content.
*Your organization is required to have a current HITRUST MyCSF subscription to access HITRUST CSF® content in Risk Cloud.
Risk Cloud Control Versioning
When dealing with any of the control sets offered in Risk Cloud's Control Repository, it is important to stay up-to-date on the latest framework versions. To locate the current version number of Standards and Regulations offered from Risk Cloud's Control Repository, please visit LogicGate's Risk Cloud Exchange.
When major revisions are released by the authoritative source, the Risk Cloud import files will be updated to align with framework revisions. If you are a Premier Success Customer, we will support with loading the latest version of Standards and Regulations Content within 60 days of the major release published by the authoritative source, as well as mapping the new version to the “primary control set” (i.e., Secure Controls Framework or HITRUST) within 60 days of a major release from the primary control set’s authoritative source, to maintain relevant control mappings.
If you are a Standard Success Customer, you may request the updated import files for the Risk Cloud Standards and Regulations Content; these can be made available to your organization via CSV file within 120 days of a major release published by the authoritative source. If you are interested in the updated content, you may request the import files from support@logicgate.com. Furthermore, if you seek additional support with importing content, please reach out to your CSM or RM to consider our Professional Services Bundle as a means of optimizing the update process.
The LogicGate team will maintain versioning information within this Help Article. Please feel free to revisit this article and LogicGate Risk Cloud Services Descriptions as questions regarding content updates arise. If your organization has additional questions after reviewing the article, please reach out to LogicGate support.
For more information on the individual control sets, as well as links to the respective source pages, please see Risk Cloud Exchange.