Describe a project that required input from people at different levels in the organization.

Implementation of GRC tool to ensure FedRAMP, ISO 27001, SOC 2, PCI DSS Level 1 Audit and Evidence Collection

S/T (Situation/Task)

Evidence collection happened at the last minute, and no internal control testing schedule was in place to ensure that evidence was always current and nothing was out of date. Input was needed from:

  1. Human resources

  2. Information technology

  3. Engineering

  4. Infrastructure

  5. Executive Level

  6. Information security

  7. Marketing

A (Approach)

Researched and selected a GRC tool, and designed internal controls in it to meet the evidence requirements of the different frameworks FormAssembly had to satisfy. For example, internally we keep a master list of personnel with each person's start date, background check date, employee handbook acknowledgment date, and so on.

The internal control for this requirement is that HR uploads a current version of the master list at the end of every month. Every quarter I randomly select one of the three uploads, randomly select 33 or 34 employees from it, ask to see their background checks, and compare the background check dates to ensure they match.
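As an added example (not code from the original notes or from FormAssembly), the quarterly sampling test described above in Python: pick one of the quarter's monthly uploads, sample employees, and flag any whose background-check report is missing or dated differently. The master-list rows, report dates, function names, and the seed used for a reproducible selection are all constructed assumptions.

```python
import random
from datetime import date

# Constructed sample data: three monthly HR uploads of the personnel master list.
# Each row: (employee_id, start_date, background_check_date as listed by HR).
MONTHLY_UPLOADS = {
    "month-1": [("E001", date(2022, 3, 1), date(2022, 2, 20)),
                ("E002", date(2022, 5, 9), date(2022, 5, 2)),
                ("E003", date(2022, 7, 18), date(2022, 7, 11))],
    "month-2": [("E001", date(2022, 3, 1), date(2022, 2, 20)),
                ("E002", date(2022, 5, 9), date(2022, 5, 2)),
                ("E003", date(2022, 7, 18), date(2022, 7, 11)),
                ("E004", date(2022, 9, 12), date(2022, 9, 5))],
    "month-3": [("E001", date(2022, 3, 1), date(2022, 2, 20)),
                ("E002", date(2022, 5, 9), date(2022, 5, 2)),
                ("E003", date(2022, 7, 18), date(2022, 7, 11)),
                ("E004", date(2022, 9, 12), date(2022, 9, 5))],
}

# Constructed evidence: completion date on each actual background-check report.
# E003's report date deliberately differs from the master list to produce an exception.
BACKGROUND_CHECK_REPORTS = {
    "E001": date(2022, 2, 20),
    "E002": date(2022, 5, 2),
    "E003": date(2022, 7, 12),
    "E004": date(2022, 9, 5),
}

def pick_upload(uploads, rng):
    """Randomly choose one of the quarter's monthly uploads."""
    month = rng.choice(sorted(uploads))
    return month, uploads[month]

def sample_rows(rows, sample_size, rng):
    """Random sample of employees from the chosen upload, capped at the population size."""
    return rng.sample(rows, min(sample_size, len(rows)))

def compare_background_checks(sampled_rows, reports):
    """One exception per sampled employee whose report is missing or whose date does not match."""
    exceptions = []
    for emp_id, _start, listed_date in sampled_rows:
        actual = reports.get(emp_id)
        if actual is None:
            exceptions.append((emp_id, listed_date, None, "no background-check report found"))
        elif actual != listed_date:
            exceptions.append((emp_id, listed_date, actual, "date mismatch"))
    return exceptions

def run_quarterly_test(uploads, reports, sample_size=33, seed=None):
    """Full control test; a recorded seed makes the selection reproducible for the audit trail."""
    rng = random.Random(seed)
    month, rows = pick_upload(uploads, rng)
    sample = sample_rows(rows, sample_size, rng)
    return {"upload": month, "sample": [r[0] for r in sample],
            "exceptions": compare_background_checks(sample, reports)}
```

Record the seed and the resulting sample with the test evidence, so an auditor can regenerate the same selection.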

R (Results)
