
NCA OTCC User Guide – Compliance Maturity Model: A Foundation and Road Map

LogRhythm's Labs Compliance Research team has found that customers move through a predictable maturing process as they implement the controls, policies, personnel, and system solutions a given regulation or compliance framework requires. As a compliance program matures, the SIEM must adapt to reflect changes in the organization's environment. A SIEM compliance offering that stays purely out-of-the-box cannot reflect that context and detracts from the customer's experience. Given the work invested in establishing a compliance program, it is advantageous to feed that insight back into the SIEM, which gives the data a strong foundation and structure.

When an organization hears that it is time for the annual audit, or compliance is mentioned, the general outlook is often not positive. However, these compliance frameworks can be leveraged to build a foundation and create competitive advantages. As an organization matures across the compliance maturity model (below), a foundation is established around policies, controls, systems, personnel, and understanding. The organization begins to produce key resources such as system classifications, account classifications, risk assessments, scope definitions, process and data flows, and year-over-year audit results, each of which is a key element of that foundation.

All these factors are ingredients of a solid yet adaptable foundation from which a mature, compliant organization can transition into a stronger security posture. Building on the compliance foundation allows the security program to be based on a holistic and transparent understanding of the organization's environment and risk profile.

The goal of LogRhythm's compliance approach is to provide a road map through which the SIEM empowers the organization to grow and bridge the gap between compliance and a security program. Organizations can start with the basics and transition into more advanced capabilities of LogRhythm SIEM and other solutions. Data then becomes a competitive advantage and a strong foundation for protecting the organization.

Key Resources

As a result of an organization's efforts toward NCA OTCC compliance, the following resources should be established. They can be leveraged when deploying this compliance automation suite and LogRhythm SIEM as a whole.

  • Data Inventory & Privacy Classification
  • Asset Inventory & System Classification
  • Definition of Key Management Responsibilities
  • Security Policies & Procedures
  • Information Security & Business Continuity Plans

Key Audiences

The following are examples of key audiences involved in the NCA OTCC audit life cycle. Reporting packages, reports, and Case Management can be leveraged to deliver critical information and can be tailored to specific requests.

  • Internal & External Audit
  • Executive Management Summary
  • Control Owners
  • Information Security Teams (The SOC)
  • IT Operations