C2C Smart Compliance is an enterprise Governance, Risk, and Compliance software and services company founded by information security, risk, and compliance professionals with extensive GRC audits and consulting experience.
The C2C tools and approaches help organisations link their compliance and risk management strategies with their specific business goals.
C2C’s technologies automate the time-consuming manual processes involved with risk and compliance activities, completing tasks that would ordinarily take days in hours.
We provide stakeholders with long-term risk and compliance frameworks that are focused on the business.
We recognise that there is no such thing as 100% security or 0% risk, and therefore we strive to provide the knowledge needed to understand and protect organisations against known and unknown threats by providing ‘line of sight’ from the organisation into the risk and regulatory worlds.
What were the obstacles you faced at the time of establishment?
As with every startup, we needed to establish ourselves in our fields of expertise and get acceptance as a major participant in the business.
A conscious decision was made to guarantee that the services we provided matched the clients’ expectations, and that the software we produced made their lives easier.
Because we still offer features in the risk and compliance products that the competition does not and cannot, the software was a game changer.
The goods were created in the field rather than in a lab, allowing us to focus on the needs of the clients rather than what we believed they wanted.
Do you have automated tools that continuously monitor to ensure malicious software is not deployed?
We do not provide instruments for continuous monitoring.
We provide products with regularly updated Threat Libraries.
This enables the customer to adapt their risks through an ongoing review process, ensuring that threats are clearly defined and updated in accordance with the organization’s posture.
For mapping exercises and to update the progress of projects as needed, we can import outputs from other systems into our products.
Describe the process you have in place to communicate to us security incidents affecting PARTICULAR data.
In the case that there are problems, we use our own tools.
Fortunately, we have not had any events or incidents that have compromised or violated our stored information or service offering to date.
We are proud of our accomplishments in this field and keep a close eye on our services.
From whom do you receive cyber threat and cyber vulnerability information and how do you use that information?
We spend time investigating threat information to ensure that we only supply what is needed and is consistent with the risk needs being assessed.
Our threat libraries are large, and in order to assist clients, we link threats to vulnerabilities as well as controls (usually ISO 27001 Annex A controls) to provide a holistic view of the threat landscape and how to prevent the threat from manifesting in the company.
In addition to the process, we provide a fully defined risk methodology to ensure that any risk process conducted by the business is supported.
How do you manage the promotion of your firm over social media outreach and email campaigns?
When it comes to raising risk awareness on social media, it’s tricky.
We use LinkedIn as our media platform because it gives us access to compliance and risk forums, which we can target if necessary.
What do you think about the expansion of C2C Smart Compliance?
We’ve been around for a long time, but we’re still working on new goods.
Many process frameworks and legislation have requirements that our MyRiskAssessor product is being designed to meet.
The functionality included in the items is far superior to that of most of our competitors.
Because our workforce has multinational backgrounds, we have been highly creative in our problem-solving approaches.
This alone gave us a more global perspective on business, ensuring that we deliver to meet the needs of the entire world rather than just the United States.
In terms of growth, we’re continuously on the lookout for new partners with whom we can collaborate and support our solutions. Our solutions have a high level of functionality and are low cost. Our clients tell us that there is nothing comparable in the market and our offerings are truly functional.
How do you try to stay up-to-date on current WAYS OF THREATENING?
All members of the C2C team have undergone extensive security training.
We have a lot of credentials related to the security process.
Each team member is responsible for reviewing the threat landscape in their area of expertise.
We also issue a weekly security bulletin on LinkedIn that covers a wide range of security and threat-related topics.
We develop threat libraries in the products based on feedback from the team.
We now have 77 Threat groups with 438 threats tied to 1514 Vulnerabilities associated with ISO 27001 Annex A controls.
We’d also like to point out that, because of the flexibility of our mappings, we are able to substitute the controls for whatever frameworks are needed, for example NIST 800-53, ISF, CIS Controls, etc.
What processes do you have in place to prevent the exfiltration of sensitive data, particularly sensitive customer data like ours?
Our products and services are available as SaaS in the cloud or through a managed service provider.
At many levels, we have tremendous security wrapped around the items.
Our training in security gave us a good understanding of how to safeguard the offerings.
Furthermore, we manage dangers such that we are always aware of what is going on around us.
We have strong security safeguards in place, such as two-factor authentication and information access limits.
The majority of what we do does not involve the usage or storage of personally identifiable information (PII/PHI), but if it does, we have the measures in place to provide an excellent level of protection.
Have you developed secure configurations for hardware and software?
We made the strategic decision to rely on service providers to help us meet the security needs of our services.
We rely on their SOC reporting and any supporting certifications they have, such as ISO 27001, PCI, and so on, for MSP providers.
We used Azure as our cloud provider, and Microsoft has SOC reports and ISO 27001 certifications at several levels – ISO 27017 for Cloud Providers and ISO 27018 for PII in the Cloud.
Our evaluation processes ensure that we are always verifying the security of our providers, giving our clients peace of mind when utilising our solutions.
1) Year of Founding: 2006
2) Funding Information: Self-funded
3) Founding Members: Steve Crutchley
4) Office Locations: Virginia, Miami, Seattle, Mexico City
5) Company Strength: 13
6) Website: https://www.c2csmartcompliance.com