About ThinkRazor and Policy Central
From Experts in Building Security Centric Operations
ThinkRAZOR was formed by principals with almost 80 years of experience building enterprise and entrapreneurial IT operations. Their experience spans decades of standards compliance and best practices that have driven excellence and competitive advantage in 100's of companies.
Founder and CEO
Policy Central provides a structured methodology to create, adopt, integrate and maintain best practices security and operational controls. It does so over the life-cycle of policy development, approval, training and enforcement. It provides unique features to enable standard controls and policies to be reused to satisfy multiple overlapping compliance standards such as PCI, SOC or HIPAA (Compliance Standards)
The Standards Conundrum
Many companies have to comply with multiple Compliance Standards. This is inherently difficult as each standard has different vocabularies. Since the successful management of systems and data rely heavily on a sensitized culture of security, it is often difficult to mobilize teams to "do the right thing" when the conversation requires mastering multiple 'compliance languages'.
A Standards Independent Approach
Policy Central focuses a universal security and operations control framework. One which is aligned with how an IT centric organization runs its business. Once adopted this best practice suite of over 500 database driven policy artifacts including policies, guidelines, controls, procedures and audit processes are dynamically linked multiple compliance taxonomies including PCI (credit card security), SOC (replacement for SAS-70), HIPAA healthcare privacy act, etc.
Adopting a Best Practice Control Framework
Policy Central provides an online environment to manage the workflows associated with adopting a baseline operational control framework. The process includes the (a) assignment of roles and responsibilities; (b) policy adoption wizards to align actual business activities with required policies; (c) survey of organizational definitions that customizes policy vocabulary where needed; and (d) and a task management framework to assure that all needed approvals and acknowledges are evidenced.
Tools to Automate Evidencing Policy Compliance
In addition to best practice content representing decades of expertise in managing software development and IT infrastructures, Policy Central delivers integrated database applications which track key compliance activities such as Data Classification, Access Granting, Policy Review, Policy Acknowledgement and 40 other workflows.
Improving Audit Outcomes
Most Compliance Standards ultimately are the subject of review by independent auditors. The process generally focuses on whether (a) policies are in place; (b) that there is a framework to enforce and monitor compliance; and (c) evidence that the policies are in fact being followed; and (d) that the policies are subject of regular review and improvement. Policy Central is configured to allow granting Auditors temporary read-only access where they can easily accomplish this review more efficiently and with less organizational overhead.
Customizable to Meet any Business Need
While easily 90% of a control framework can be thought of standard, every business has nuances that need to be reflected. Policy Central is designed to allow for customization of policies, procedures and workflows where needed but without giving up the ability to take advantage of continually evolving requirements.
For Auditors and Consultants
ThinkRAZOR has special programs to enable CPA's and other security audit consultants to integrate Policy Central into their readiness and audit programs.