News: Global Repository of assurance maturity scores launched. Deadline for organisations to sign up to participate is 30th September 2011
The CAMM Objective:
- Provide a framework in support of the necessary transparency in attesting the Information Assurance Maturity of Third Party Providers & Suppliers (e.g. Cloud providers).
- Publish results in an open and transparent manner, without the mandatory need for third-party audit functions or due diligence engagements.
- Allow data processors to demonstrably publicise their attention to Information Assurance in comparison with other suppliers' levels of compliance and security profiles.
- Negate the operational requirement for time-consuming, expensive, subjective, and resource-intensive bespoke arrangements to attest security and compliance.
Problem Statement:
- How can businesses consistently assess their service providers?
- CAMM answers this with an assurance-oriented model that provides clear, concise, and standardised results.
Methodology:
- Utilise existing standards such as ISO 27001, ISO 27002, BS 25999, COBIT, PCI DSS etc., to develop a series of control questions specific to the organisation.
- Responses to such questions (and the subsequent detail) to be published and available.
- Output to also include a score that details the provider's Common Assurance Maturity score.


