Common Assurance Maturity Model...

The business assurance barometer...

News: Global Repository of assurance maturity scores launched. Deadline for organisations to sign up to participate is 30th September 2011.
The CAMM Objective:
  • Provide a framework in support of the necessary transparency in attesting the Information Assurance Maturity of Third Party Providers & Suppliers (e.g. Cloud providers).
  • Publish results in an open and transparent manner, without the mandatory need for third-party audit functions or due diligence engagements.
  • Allow data processors to demonstrably publicise their attention to Information Assurance in comparison to other suppliers' levels of compliance and security profiles.
  • Negate the operational requirement for time-consuming, expensive, subjective, and resource-intensive bespoke arrangements to attest security and compliance.

Problem Statement:
  • How can businesses consistently assess their service providers?
Solution:
  • CAMM, with its approach of an assurance-oriented model providing clear, concise, and standardised results.

Methodology:
  • Utilise existing standards such as ISO 27001, ISO 27002, BS 25999, COBIT, PCI-DSS etc., to develop a series of control questions specific to the organisation.
  • Responses to such questions (and the subsequent detail) to be published and made available.
  • Output to also include a score that details the provider's Common Assurance Maturity score.
CAMM response to Cloud Computing: A Consultative Document
Recommended reading:
Common Assurance Maturity Model Vision