Set Up the Self-Attested Compliance Panel Jessica The Self-Attested Compliance panel in the Security Posture Management application [ Settings ➔ Manage Compliance Claim] allows you to proactively communicate some of the key frameworks your company maintains compliance with right on your Bitsight profile. This feature also allows you to direct stakeholders to your company’s compliance program web page where they can view your program in depth and request additional documentation for independent verification.Organizations using this feature have self-attested that they are certified in the following frameworks and/or compliant with the following regulations, as indicated. Bitsight has not independently verified any certifications or validated the organization's compliance with these regulations.Prerequisites Setting up Self-Attested Compliance takes 5-10 minutes. Once complete, your Self-Attested Compliance panel is displayed on your Company Details page. You must be an admin, group admin, or portfolio admin with your MyCompany in your portfolio to set up the compliance claim for your MyCompany’s Self-Attested Compliance panel. See permissions. Setting Up the Self-Attested Compliance Panel In the SPM App, select Settings, then select Manage Compliance Claim. Provide a valid URL in the field labeled “Link to your compliance web page.” This is a required field. To be considered valid, URLs must be hosted on a domain owned by an entity on your organization’s rating tree or hosted by one of four accepted third-party vendors. These vendors are: Kintent SafeBase Drata Conveyor Check the boxes next to all frameworks that you attest to maintaining compliance with or a certification in. Configure the look of your Self-Attested Compliance panel preview. The preview updates as you make changes to the information in your claim. You can: Reorder frameworks by clicking on the double lines next to any checkbox and dragging the framework up or down. Preview the web page you provided in the URL field by clicking View Compliance Web Page on the panel preview. Once satisfied with your selections and configuration, hit Save & Publish to finalize your compliance claim and update your company’s profile. All stakeholders may now view your Self-Attested Compliance panel in your company details page. Removing the Self-Attested Compliance PanelYou can remove the Self-Attested Compliance panel at any time. In the SPM App, select Settings, then select Manage Compliance Claim. Uncheck all frameworks. Select Save & Publish. Available Compliance FrameworksBelow are the currently available compliance frameworks you can attest to within Bitsight.SOC 2 Type 2: Service Organizations Controls 2, Type 2 reports are the result of a year-long assessment meant to give assurance over the operation of control environments as they relate to the retrieval, storage, processing, and transfer of customer data.SOC 2 Type 1: Service Organizations Controls 2, Type 1 reports are the result of a point-in-time audit meant to give assurance over the design of control environments as they relate to the retrieval, storage, processing, and transfer of customer data.ISO 22301: International Organization for Standardization 22301 is the standard for Business Continuity Management (BCM) and is designed to help organizations prevent, prepare for, respond to and recover from unexpected and disruptive incidents.ISO 27001: International Organization for Standardization 27001 is the international information security standard for demonstrating secure management of data centers, development centers, support centers, and office sites.ISO 9001: International Organization for Standardization 9001 is the international standard for a quality management system (QMS) used to demonstrate the ability to consistently provide products/services that meet stakeholder needs within statutory and regulatory requirements.FedRAMP: Federal Risk and Authorization Management Program promotes the adoption of secure cloud services across the United States government and provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud service offerings.GDPR: General Data Protection Regulation is a European Union law that requires organizations to safeguard personal data and uphold the privacy rights of anyone in EU territory.HIPAA: Health Insurance Portability and Accountability Act sets the standards for protecting sensitive patient health information from being disclosed without the patient’s consent or knowledge.PCI DSS: Payment Card Industry Data Security Standard is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment to reduce credit card fraud.CSA STAR Level 1: Cloud Security Alliance Security, Trust, Assurance, and Risk Level 1 is achieved by submitting self-assessments to document compliance with the CSA Cloud Controls Matrix and enables members to demonstrate their security and compliance posture.CSA STAR Level 2: Cloud Security Alliance Security, Trust, Assurance, and Risk Level 2 is achieved by successfully completing an audit using criteria from other standard frameworks and the CSA Cloud Controls Matrix and provides another layer of assurance for cloud security and privacy.HITRUST: HITRUST provides a framework that helps companies safeguard sensitive information and manage risk throughout the third-party supply chain.NIST CSF: The National Institute of Standards and Technology Cybersecurity Framework promotes the protection of critical infrastructure and helps practitioners manage cybersecurity-related risk.Available FrameworksFrequently Asked QuestionsDoes Bitsight charge for this feature?This feature is free.Are there plans to add additional frameworks to this feature?If there are additional frameworks that you believe should be added, please submit this as feedback to Bitsight Support or your account manager. June 28, 2022: Published. Related articles Glossary of Terms: Infrastructure Organization: Company Details Request a Rescan in the SPM App Scheduling a Risk Remediation Plan Infrastructure: Assets Feedback 0 comments Please sign in to leave a comment.