There you are, with a laundry list of all your Federal Information Security Modernization Act (FISMA) requirements in hand, unsure how to tackle each item by the given deadline while still balancing all of your day-to-day operational tasks. To help, we’ve laid out our top tips for meeting compliance without wasting time.
1. Plan your compliance first
The first step is planning your compliance solutions.
With the deadline looming, planning starts to look like a nice-to-have. It’s tempting to slap some solutions in place for each item on the compliance laundry list, but that is not the fastest way to address your compliance. That’s right: not planning for compliance will NOT save you time. It also won’t save you money.
Planning first means you can identify the fewest solutions needed to address your concerns, and comparison-shop those solutions. It also means you’re looking toward future compliance requirements to avoid fire drills down the road.
Planning compliance helps you reduce costs, shorten implementation time, and cut disruption and coordination time, and it ensures that you have the best solutions to address your needs for years to come. It’s critical.
2. Look for single-solution compliance-by-design models instead of piecemeal compliance solutions
Cloud-based technology is an excellent way to consolidate vendors and allows you to easily stand up a compliant environment instead of trying to make your current environment compliant. It might sound counter-intuitive, but a few broad shifts to the right cloud environment can save you a lot of time, money and hassle. It beats ticking off one box at a time with ad-hoc solutions.
The Microsoft Cloud stack, for instance, is compliant by design and in lockstep with NIST guidelines. Once you’ve moved into those compliant solutions, you can be certain that you won’t have to go through major compliance projects again.
Here are three examples from Microsoft:
- Microsoft offers a suite of tools like Advanced Threat Protection and Active Directory that provide cohesive security across all workstations and clouds.
- Microsoft EMS, or Enterprise Mobility and Security, allows sensitive files to be securely accessed from various locations and on multiple devices. This product reduces risk and offers specific features and toolsets that help maintain compliance.
- Microsoft 365 Enterprise offers Office 365, Windows 10, and EMS in one secure, integrated and affordable solution that includes identity and access management, information protection and threat defense.
3. Shop around – and know what you’re getting
Recently, a large medical practice with several locations reached out to us for help with their compliance. They’d purchased an email filtering tool and Microsoft Enterprise Mobility and Security (EMS), not realizing that optimal email threat protection was already available through their EMS suite. It was simply a matter of turning it on. Unfortunately, by that point, they’d committed to the other service and a few thousand dollars before they could shut it down.
It’s not always easy to know what you’re getting, especially with complex cloud suites like the Microsoft stack. It’s best to work with an experienced provider who can help you understand what you’re getting with each solution.
4. Be ready to demonstrate your compliance or progress towards compliance
Going forward, keep a few things on hand in the event of an audit or to show progress toward compliance, including proof that you have:
- A security plan on file, which catalogs network security reviews
- Risk assessment results on file that show progress on closing gaps
- An information system that monitors risks and intuitively evolves as threats arise
5. Work with a managed IT company that has expertise in compliance
Collaborate with a top Managed IT Services company that can offer expertise in navigating the different compliance solutions. Your partner should be able to manage the planning, rollout and execution for you, or in coordination with your team. They can help you understand the different solutions and identify the most cost-effective, quickest way to get your compliance projects knocked out of the park.
Need help with your compliance? Don’t wait until the 11th hour. Contact us to get started.