The CAMM Objective:
- Provide a framework in support of the necessary transparency in attesting the Information Assurance Maturity of Third Party Providers & Suppliers (e.g. Cloud providers).
- Publication of results in an open and transparent manner, without the mandatory need for third party audit functions, or due diligence engagements.
- Allow data processors to demonstrably publicise their attention to Information Assurance in comparison to other suppliers' levels of compliance and security profiles.
- Negate the operational requirement for time-consuming, expensive, subjective, and resource-intensive bespoke arrangements to attest security and compliance.
- How can businesses consistently assess their service providers?
- CAMM, with its approach to an Assurance-oriented model, provisions clear, concise, and standardised results.
- Utilise existing standards such as ISO 27001, ISO 27002, BS 25999, CobIT, PCI-DSS, etc., to develop a series of control questions specific to the organisation.
- Responses to such questions (and the subsequent detail) to be published and available.
- Output to also include a score that details the provider's Common Assurance Maturity score.