What is J1's Stance on the Accuracy of their Compliance Reporting?

When using the compliance feature, what is the validity of the reporting tools as these compliances seem to shift, change, and update fairly regularly?

Also, in case of a breach and if a company needs to show proof of compliance, let's say PCI, can a client use the J1 report to show compliance, or is it just for the user's information but not to be used in an official capacity?


  • dcpeach
    dcpeach ✭✭✭✭✭
    Compliance and (GRC) automation tools like JupiterOne are accepted by auditors. The compliance industry is in the midst of a technological revolution where we’re moving away from manually maintained spreadsheets to using technology, as well as automation, to move towards the goal of continuous compliance assurance; this is an ongoing re-education effort across the industry. And we’ve been happy to educate auditors, write whitepapers, etc., in order to get compliance folks comfortable and up to speed on where the industry is moving.

    Compliance and regulatory requirements, standards, frameworks, benchmarks, etc. get continually updated when they undergo new version releases with corresponding changes. At JupiterOne we have an internal compliance product team that maintains the accuracy and currency of the aforementioned (regulations, standards, frameworks, benchmarks) as new versions and requirements are released.

    Companies routinely use JupiterOne's compliance functionality to demonstrate compliance. Because JupiterOne is connected to the sources of truth, e.g., infrastructure, identity providers, vulnerability scanners, etc., JupiterOne compliance functionality and reporting can be used to demonstrate due diligence that aligns with a company’s efforts to maintain security and compliance posture best practices, if required. With that being said, a JupiterOne (internally) generated report doesn’t satisfy requirements for an independent 3rd party auditor to perform an examination, audit, or assessment. JupiterOne does not operate as an auditor.
