“Find a compliance platform, it'll make life a lot easier. Then I would develop the policies and procedures, if you don't already have those, and then collect evidence to justify, to prove everything you're doing that's in the framework. It's going to be important for audits and just internal or external audits.” - Scott Schlimmer

In this episode, host Jara Rowe is once again joined by cyber risk specialist Scott Schlimmer with a deep dive into the world of compliance frameworks and certifications. Listen as we explain the challenges of compliance and non-compliance with certification programs in cybersecurity. 

Learn which regulated industries must follow specific frameworks and how noncompliance can affect business opportunities and your bottom line. We also unravel Fedramp, CMMC, CCPA, and CPRA, offering a clearer understanding of their cybersecurity roles. 

In this episode, you’ll learn:

• How to follow a compliance framework without having the certification, though having the certification can demonstrate to partners and customers that your organization has strong cybersecurity measures.
• The significance of certifications and the value of the NIST framework as a reliable source for general cybersecurity best practices.
• What the legal and financial consequences of noncompliance for different industries may be, such as failing to follow frameworks like Fedramp or CMMC when working with the government. 

Things to listen for:

[00:47 - 01:27 ] The relationship between compliance frameworks and certification programs

[01:27 - 02:54 ] The difference between regulated and non-regulated industries

[02:54 - 04:40 ] Explanation of the NIST framework and insights into other compliance acronyms

[04:40 - 08:59 ] Multiple compliance frameworks, compliance audits, and non-compliance issues

[08:59 - 10:54 ] Improving cybersecurity posture, security assessment, and maturity models

[10:54 - 13:56 ] Preparation for compliance audits and the importance of a compliance platform

[13:56 - 14:31 ] How to become compliant or get certified and reasons for external assistance

[14:38 - 17:20 ] Jara’s receipts

Resources:

Cracking the Code: Understanding Cybersecurity Compliance Frameworks

What is the NIST Framework?

Conquer Compliance Jargon: Download the Free Cybersecurity Compliance Glossary

Connect with the Guest:

Scott Schlimmer's LinkedIn

Connect with the host:

Jara Rowe’s LinkedIn

Connect with Trava:

Website www.travasecurity.com 

Blog www.travasecurity.com/blog

LinkedIn @travasecurity

YouTube @travasecurity