Mastering Compliance Automation

Leverage the Scrut Compliance Automation Platform to be audit-ready and demonstrate your compliance posture to the world.

Course Details

This course teaches you how to automate the compliance process using the Scrut Compliance Automation platform. We will work with the platform in detail to create a complete compliance automation project.

Course Features

Leonardo Soto

Instructor

Leonardo is an IT management professional focused on cybersecurity, compliance and digital transformation. His expertise includes IT project management, digital transformation, and preparing companies for information security audits, such as SOC 2, ISO 27001, and HIPAA.

Course Synopsis

Upon the successful completion of this course, each participant will possess the skills and knowledge to work with the Scrut Compliance Automation platform.

This unique training is unlike any training offered to employees and managers in the area of information security. Successful ‘graduates’ will become coveted amongst companies for their specialized knowledge of compliance, information security, and privacy. 

Having employees with this specialized knowledge also helps companies keep information safe. This training assists in raising the level of information security in the companies where they work.

Course Content

5 days • 20 hours of instructor-led classes
8:00 AM to 12:30 PM – Instructor Led
On Day 1, the participants will get an overview of the Scrut Compliance Automation platform. They will also understand the different cybersecurity frameworks available, such as SOC 2, ISO 27001, GDPR, HIPAA, etc. The material also shows the attendees how to work with the controls associated with each compliance framework and the Unified Controls Framework (UCF), a tool to manage controls common to all cybersecurity frameworks.

Cyber Security frameworks are guidelines for building plans to help mitigate risks and threats to data and privacy. Controls are technical or administrative (i.e., policy or procedure) countermeasures designed to protect the desired outcomes of a security or privacy program. Controls protect the confidentiality, integrity, and availability of information systems.

Learning outcomes

  • Understand the scrut.io platform, frameworks and controls.
Unit 01 – The Compliance Automation Platform (CAP) Dashboard 
  • Understanding the CAP Dashboard
  • Demonstrating examples of how to create an audit calendar using the CAP
Unit 02 – Cyber Security Frameworks and Controls
  • Cyber Security Frameworks Overview
  • Understanding the cybersecurity framework dashboard
  • Editing and deleting a cyber security framework requirement
  • Marking Cyber Security Framework Requirements as Out of Scope
  • Exporting cyber security framework requirements
  • Downloading cyber security framework compliance report
  • Understanding controls & the Unified Controls Framework
  • Editing and deleting a control
  • Linking and unlinking framework requirements to a control
  • Linking and unlinking artifacts to a control
  • Linking and unlinking controls to a framework requirement
Activities and Exercises
2:00 PM to 4:00 PM – Independent work
  • Explore the dashboard
  • Export the SOC 2 framework requirements
  • Edit a control
  • Link a SOC 2 requirement to a control
8:00 AM to 12:30 PM – Instructor Led
On Day 2, the participants will be introduced to the Policies and Evidence Tasks dashboards. These are the two most important modules for creating a centralized compliance hub.

Learning outcomes

  • Working with the Policy Module
  • Collecting, uploading and associating evidence to controls
Unit 03 – Policy 
  • What is a Policy?
  • Understanding the Policy Dashboard
  • Assigning a policy to an assignee
  • Understanding the policy approval workflow
  • Setting a policy review cycle
  • How to manage policy content (create/upload, edit, delete)
  • Linking and unlinking a policy to controls
  • Marking a policy as relevant or not relevant
Unit 04 – Evidence Tasks
  • What are the Evidence Tasks
  • Understanding the Evidence Task dashboard
  • How to upload examples of an evidence task
  • Assigning Evidence Tasks to an assignee
  • Understanding Evidence Task approval workflow
  • Setting examples of an Evidence Task review cycle
  • How to remove examples of an Evidence Task
  • Examples of linking and Unlinking an Evidence Task to Controls
  • How to mark an Evidence Task as relevant or not relevant
  • Exporting Evidence Tasks
Activities and Exercises
2:00 PM to 4:00 PM – Independent work
  • Explore the Policy Dashboard
  • Create and upload a policy
  • Explore the Evidence Task Dashboard
  • Upload examples of an evidence task
  • Export examples of an evidence task
8:00 AM to 12:30 PM – Instructor Led

On Day 3, the participants will learn about Risk Management and Vendor Management. Understanding these concepts is critical for protecting the company’s participation in the information supply chain.

Learning outcomes

  • Understanding of Risk Management tools in scrut.io
  • How to manage and mitigate vendor-associated risks
Unit 05 – Risk Management
  • Understanding the Risk Management Dashboard
  • What is a Risk Register
  • Customizing the Risk Register
  • Managing entries in the Risk Registry (create, edit, delete)
  • Assessing a risk
  • Linking and unlinking controls to a risk
  • Understanding risk mitigation tasks
  • Managing risk mitigation tasks (create/upload, edit, delete)
  • Unified Mitigation Task Tab
  • Linking and unlinking controls to a mitigation task
  • Closing or Adding a residual risk
  • Understanding Risk Approval Workflow
  • Exporting risk register
Unit 06 – Vendor Management
  • Understanding Vendor Dashboard
  • Understanding Vendor Management
  • Configuring Vendor custom fields
  • Configuring Vendor custom categories
  • Adding a vendor
  • Understanding vendor details page
  • Editing and Deleting a vendor
  • Editing POC Details
  • Vendor Risk Assessment Workflow
    • Creating a vendor questionnaire template
    • Creating a vendor questionnaire manually
    • Importing vendor questionnaire template
    • Sending a questionnaire to vendor
    • Evaluating vendor response
  • Managing vendor documents
    • Adding a vendor document
    • Deleting a Document
    • Downloading a Document
  • Vendor Discovery and Onboarding
  • Creating vendor intake form
  • Submitting vendor intake form from the employee portal
  • Assessing vendor intake forms submitted by employees
Activities and Exercises
2:00 PM to 4:00 PM – Independent work
  • Explore the Risk Management Dashboard
  • Examples of exporting the Risk Register
  • Explore the vendor management dashboard
  • Create an example of a vendor intake form
8:00 AM to 12:30 PM – Instructor Led

On Day 4, the focus is on people management in the compliance automation platform. The participants will gain an understanding of the People Module and how employees interact with the policies and security training.

Learning outcomes

  • Working with Team Member Modules
  • Creating security awareness training tasks
  • Understanding the Team Members Portal
Unit 07 – The Team Member Module
  • Understanding the People Module
  • Understanding the People Module Dashboard
  • Team Members Management
    • Team Members overview
    • Adding new team members to the People Module
    • Viewing individual team member records
    • Uploading onboarding and offboarding documents
    • Sending manual training reminders to team members
    • Terminating and offboarding team members
    • Resetting an offboarded team member
    • Resetting a terminated team member
    • Marking a team member as ‘Person’ or ‘Non Personnel’
  • Security Awareness
    • Understanding Security Awareness
    • Creating a security awareness campaign
    • Configuring a quiz
    • Editing a security awareness campaign
    • Deleting a security awareness campaign
    • Cloning a Campaign
    • Extending a security awareness campaign
    • Viewing a security campaign
    • Automated Evidence Collection for Completed Security Campaigns
Unit 08 – Team Member Portal
  • Team Member Portal Overview
  • Team Member Portal Login Guide
  • Accepting Policies in the Team Member Portal
  • Completing Security Training
Activities and Exercises
2:00 PM to 4:00 PM – Independent work
  • Explore the Team Member Dashboard
  • Explore the Security Awareness Dashboard
  • Clone a Security Awareness campaign
  • Explore the Team Member Portal
8:00 AM to 12:00 PM – Instructor Led

On Day 5, the participants will work with the Audit Center and the Trust Vault. The Audit Center is the centrepiece of the auditing process, where the auditors will view the evidence and create corrective actions. The Trust Vault provides more detailed information about the company’s security posture to the general public and interested parties.

Learning outcomes

  • Preparing for an external compliance audit
  • Showing the world the company’s security posture
Unit 09 – The Audit Center
  • Understanding Audit Center
  • Creating an audit
  • Understanding the audit details page
  • Adding an auditor to an audit
  • Editing and Deleting an audit
  • Marking an audit completed
  • Managing audit findings
    • Creating a finding in an audit
    • Adding artifacts to an audit finding
    • Creating Corrective Action from Audit Finding
    • Linking and unlinking controls to an audit finding
    • Editing and deleting an audit finding
    • Exporting Audit center Findings
    • Understanding Audit Finding Closure Workflow
  • Managing audit requests
    • Creating a request in an audit
    • Adding artifacts to an audit request
    • Creating Corrective Action from Audit Requests
    • Creating Corrective Action from Audit Finding
    • Linking and unlinking controls to an audit request
    • Editing and Deleting an audit request
    • Exporting Audit center Requests
    • Understanding Audit Requests Closure Workflow
Unit 10 – The Trust Vault
  • Understanding the Trust Vault
  • Understanding the Trust Vault dashboard
  • Customizing the Trust Vault
  • Adding compliance to the Trust Vault
  • Adding security items to the Trust Vault
  • Adding subprocessors to the Trust Vault
  • Requesting access to Trust Vault
  • Granting and Rejecting access to the Trust Vault
  • Editing NDA for Trust Vault access
  • Accessing the audit log for the Trust Vault
Activities and Exercises
2:00 PM to 4:00 PM – Independent work
  • Explore the Security Awareness Dashboard
  • Clone a Security Awareness campaign
  • Explore the Employee Portal

The whole team felt a lot of pride going through the SOC 2 training. It gave us a sense of accomplishment. As a business, we felt ready to tackle a difficult and confusing subject. SotoNets training made it easy.
ABID VIRANI
COO Fable
