The Andromeda Compliance Automation Solution

Andromeda Compliance provides service organizations with a streamlined, automated path to SOC 2, SOC 1, HIPAA, ISO 27001, NIST 800-53A and GDPR compliance. The service’s unmatched range of integrations with cloud platforms such as AWS, Azure and GCP as well as with a host of SaaS applications enables compliance evidence to be automatically collected from these sources. From customizing policies and controls to gathering evidence to compiling content for the auditor’s certification report, Andromeda Compliance speeds up the entire compliance process, while supporting close coordination between client and independent auditor to cut the cost and labor required to successfully complete an audit. Andromeda Compliance also ensures, through continuous monitoring, that the organization stays compliant. With automation, compliance becomes a highly consistent, repeatable, provable process.

The Problem with Traditional Compliance Approaches

Current approaches used by corporate compliance teams and external auditors rely on highly labor-intensive processes, such as manually collecting and uploading evidence files and using spreadsheets for tracking long lists of tasks and task owners. This very outdated approach creates an enormous communications overhead of emails, texts and files flying back and forth between client and auditor. It lacks any automated evidence collection or a common data repository. It’s also hugely time-consuming, error-prone, expensive, difficult to leverage across multiple compliance frameworks — such as SOC 2, HIPAA and ISO 27001 — and hard to maintain over time.

Akitra’s Andromeda Compliance Provides an Automated Solution

Akitra transforms the compliance landscape with a far more automated, integrated approach. By taking advantage of connectors for read-only access to customers’ suite of HR, DevOps, storage, collaboration, IAM, security and public cloud services, Andromeda Compliance automatically collects essential evidence required to demonstrate compliance with the requirements of multiple compliance frameworks. All the relevant information required by the auditor – policies, controls, evidence – is maintained in a common repository for both parties.

Andromeda Compliance is built on a unified architecture to enable customers to make use of common policies and common controls across multiple compliance frameworks, since these frameworks have significant overlap with one another. This reduces duplication of effort and makes it far easier for companies to achieve and maintain compliance with these many frameworks.

A key strength of Andromeda is the continuous, automated monitoring that it also provides. If a compliance gap is detected, Andromeda generates a risk-prioritized alert to ensure prompt response by the IT or Compliance team. Andromeda’s Playbooks then provide guidance on how to resolve the issue as quickly and efficiently as possible.

And unlike competitors with narrow compliance-only product lines who lack deep security expertise and services, Akitra offers a much more comprehensive solution by leveraging its complementary cybersecurity services, such as AI-based threat detection and integration with SIEM platforms. The option to integrate with the larger Andromeda family of security products provides a more seamless and more automated asset discovery, security and compliance solution. 

Steps to a Completed Compliance Report with Andromeda Compliance

  1. Gap Analysis: Review checklist, perform pen test, assess risk level
  2. Endpoint monitoring: Deploy Andromeda Shield to enterprise workstations and servers, and to work-from-home employees’ devices. Optionally, deploy other Andromeda modules for security and asset discovery, such as Andromeda ML or Stargazer for SIEMs.
  3. Cloud services integration: Enable connectors to cloud platforms such as AWS/GCP/Azure as well as to SaaS services such as Okta, ADP, BambooHR, Gusto, GitHub, Bitbucket, Jira, Microsoft 365, Google Workspace, Dropbox, SharePoint, Slack, Microsoft Intune, Jamf, Rippling, and many others. Over 95 integrations and counting!
  4. Add policies and controls: Use Akitra’s customizable templates or your own, to define your compliance processes for security, availability, confidentiality, privacy and processing integrity.
  5. Ensure outside vendors are compliant: A vendor management module enables outside suppliers to upload their compliance reports, questionnaires and other evidence.
  6. Keep employees compliant: Training completion, policy acknowledgment and background checks are examples of the onboarding processes that are tracked to demonstrate compliance.
  7. Gather evidence from automated monitoring systems: Collect company policies, endpoint monitoring reports, and other reports from cloud platforms and SaaS services. Assign tasks to IT / compliance team members, use built-in commenting and notification tools, and monitor progress tracked by the compliance automation system.
  8. Start the audit: Provide Compliance system access to an independent compliance auditor (or internal auditor) to review policies, controls and evidence, request added information where necessary, and provide compliance approvals.
  9. Complete the audit: Receive certified compliance report from the auditor.
  10. Maintain continuous monitoring: To stay continuously compliant, use Andromeda to monitor all relevant systems, provide gap notifications, prioritize risks, and provide playbooks for remedying problems.
  11. Repeat audit periodically as required: Audits are typically performed annually – but with Andromeda Compliance in place, the customer will be ready!

Compliance Frameworks Supported

SOC 2 Types 1 and 2
SOC 1 Types 1 and 2
ISO 27001
NIST 800-53A

How to Get Started

Contact us at sales@akitra.com to see a demo and get all your questions answered. 

Technical Support

For 24×7 technical support, contact support@akitra.com

Akitra Inc.
831 Stewart Drive,
Sunnyvale, CA, USA 94085

© 2022 Akitra Inc
