At ThreatSwitch we often talk about "outside-in" security compliance. A large part of the security team's time comes from tasks or reports originating from outside the compliance team - employees, program managers, executives, HR, legal, etc. These requests usually end up in your email, inexhaustibly piling up day-after-day.
There's also a wide variety of requests security professionals need to track. Good luck tracking all of this in your inbox or spreadsheets: VARs, FOCI VARs, PARs, PSQ briefs, CUI briefs, pre-screens, foreign travel, agency-specific foreign-travel, asset transfer requests, asset deletion requests, and probably a whole list of other things that are unique to your company.
Goodbye email. Hello Action Requests.
It is crazy to expect FSOs and security professionals to actually do security when their regular tasks incur such a high degree of overhead. Monitoring the threat and risk environment quickly becomes secondary to paperwork.
To us, the key to effectively managing outside-in compliance is better tooling that fosters better process. While ThreatSwitch natively supports many standard workflows such as foreign travel and VARs, we've learned that almost every company has some unique process that they need to capture. With that in mind, we are excited to release Action Requests, a configurable and ticket-like management system for inbound security requests.
With Action Requests, administrators can configure any form that needs to be completed, which will then become available to your employees and program managers. As requests are submitted, your security team can assign, review, and close out requests. At each step in the process, email notifications are sent to ensure that everyone is on the same page. Critically, all requests are associated with your employee data in ThreatSwitch, allowing you to keep your workflows and critical database information all in one place.
For example, an admin may configure a clearance request form that program managers need to complete. As they are filled out, the security team is notified upon submission, the item can be assigned out to the appropriate team member, and employees will be emailed as the request is completed. If that sounds easy, you're right - it is.
Those big and scary unread numbers in your email inbox? Goodbye. They won't be missed.
Ready to learn how ThreatSwitch can help you?