C2C SmartCompliance is a specialized enterprise Governance, Risk and Compliance software and services provider founded by information security, risk and compliance professionals with over 25 years of GRC auditing and consulting experience. The C2C methodology aligns an organization’s compliance strategy with specific business objectives. C2C’s products automate the costly manual processes associated with compliance initiatives, performing tasks in hours that normally take days. It provides stakeholders with a sustainable, business-centric, common operating compliance framework.
Managed Compliance Services™
Business management owns the responsibility for regulatory compliance. This cannot be satisfied, entirely, from an IT perspective. Business-centric compliance (B-GRC) is a services-led engagement requiring specialized knowledge and experience. Because regulatory and policy changes have such a cascading effect on the regulatory posture, the organization must understand the risk, decide what’s best from a business perspective, factor in best practices and create a starting point. This is the foundation of B-GRC.
C2C will help clients interpret the standards and regulations that best support the business objectives and build out a custom, common operating compliance framework. Then it will import the custom framework into Compliance Mapper™ and assist clients in mapping it out to the selected control environments, allowing clients to assess and measure against the best practices that support the business. This blended approach of software plus services, as a compliance solution, is continually being appreciated and validated by our growing international customer base.
“The thing I like the most about Compliance Mapper is that it can be used as a Neural Network for a wide variety of people from different disciplines. Compliance Mapper is able to capture the structure and relationship of many regulations and international controls applicable to an organization, as well as the linkage of those external elements to the internal policies, standards, processes, procedures, tasks and points of internal accountability. This neural network view is an over the horizon line of sight from operation tasks all the way through executive responsibility and board level accountability. With the mapping to regulation, this mesh-worked line of sight is also available from regulations through internal controls down to the specific controls that will provide the evidence of compliance. The flexibility to map using a neural network style of nodes and links means that Compliance Mapper can rapidly build up a contextual view of compliance which becomes a corporate memory as both the regulations and internal organization evolve.” Alf Rock of Alkamind Consulting.
Meet the Key Executive
Steve Crutchley, Founder and Chief Executive Officer: Steve is a recognized leader and foremost authority in the GRC arena. With more than 25 years of experience in Business Protection, combined with an extensive knowledge of the industrial, commercial, government and financial areas, Steve has dedicated his career to maintaining a highly focused emphasis on risk, governance, compliance, information security and information assurance.
A serial entrepreneur, Steve has a string of successes that includes the sale of his previous venture, 4FrontSecurity, to Symantec. He also sold Systems Solution to AST in South Africa, which culminated in the listing of the respective company and the subsequent acquisition of a number of local and international businesses.
Steve has held senior positions in government as well as corporate and private businesses for many years and has a solid track record of prior achievements. In a sector where the noise is mixed and confusing, Steve is able to help organizations navigate through the business protection (security) and compliance maze and assist them in selecting and delivering the processes and solutions that will mitigate risk and support corporate governance. Steve has extensive experience, knowledge and a deep understanding of various standards and control structures such as ISO/IEC 20000, ISO/IEC 27001, BS 25999, COBIT, ISF, COSO, GLBA, HIPAA, NERC and PCI, to mention just a few. Steve is an accredited IRCA trainer for ISO/IEC 27001 and a renowned Lead Auditor and implementer for ISO 27001, ISO/IEC 20000 and BS 25999. Steve is also CISM and CGEIT certified, and has a Bachelor of Science degree in Management Information Systems (B.Sc. Management Information Systems) with a concentration in Information Security.
Compliance Mapper: Compliance Mapper™ is a tool specifically developed to solve the problem of paper-based compliance challenges. It enables clients to instantly create bi-directional links between the policies and procedures and the standards, regulations and best practices that directly affect the business. Compliance Mapper™ presents a powerful and intuitive correlation between the effectiveness of the controls you’ve selected and solid documentation of how they’re actually being used.
MyRiskAssessor: MyRiskAssessor™ (myRA) addresses the challenges of protecting assets with a cost-effective solution that conducts risk assessments and provides management process visibility. myRA estimates the likelihood of exposure from numerous threats and vulnerabilities and identifies the policies and procedures needed to control risk exposures. Identifying asset risk is increasingly complex and costly. Increased accountability from stakeholders, industries and government is being demanded more now than ever. myRA offers an affordable solution that is easy for managers and staff to understand and use.
Compliance Assessment Professional: Compliance Assessment Professional™ (CAP) addresses complex and costly regulatory compliance issues by offering consistent and standardized reports that support business requirements, governance, compliance, recognized standards, business processes and management needs. Unlike inconsistent paper-based assessments, CAP offers accountability, flexibility and storage.