ACIRM+: Being compliant with the SEC’s cybersecurity regulations

ACIRM+ is designed to capture all of the detail necessary for your organization to be compliant with the SEC’s new cybersecurity regulations.  It keeps track of all of the incidents, all of the cyber incident response efforts and all of the data necessary to report to the SEC or the Attorney General (via the FBI), and enables you to satisfy the regulator’s audit requirements.

ACIRM+ has three parts:

  1. Our Global Cyber Incident Intake Form.
  2. A customized version of our mature, robust, business process-based project management system, APM+, customized to store all of the relevant information.
  3. Smart Reporting: Multiple reports including those used to submit “material cyber incidents” to CISA or to request a delay from the Attorney General.

The Global Cyber Incident Intake Form is where anyone in the organization globally can submit a cyber incident when they see one.  They enter as much information as they can and when they click on Save, the system acts as a funnel.  Automatically, multiple things happen:

  • A project plan / timeline is generated using the organization’s cyber incident response process for that type of incident as a template.
  • All of the data from the incident record is brought over to the project record.
  • The team lead in charge of this type of incident is notified that he/she has a new project to manage.
  • Multiple postings are made to the audit log field. Each one is date- and time-stamped with the name of the user.  This data cannot be changed.  Every time an entry is made, an automatic entry is made to the audit log field.

From there, the team lead uses APM+ as a project management system to manage all of the work.  People are assigned to tasks.  They work the tasks, status the tasks, populate the fields detailing the incident and enter their time spent so you know the labor cost of doing the work.  Related documents are attached to each task or to the project record.

APM+ can be configured to fit your specific requirements and can be housed wherever you want it to be housed.  Our largest customer was the National Geospatial-Intelligence Agency, which means it is secure.

Some of the benefits are:

  • With APM+, everyone looks at the same data.  Leadership can look at any time to see the status of any project.
  • Because templates are used to generate project plans, the plans are the same.  Apples can be compared with apples.
  • The process is the same.
  • Key performance metrics are captured. APM+ manages cost as well as schedule.  If leadership knew how much each remediation effort costs, they might decide not to do one.  With our metrics, opportunities for efficiency can be seen.  If one team finishes a project in a week and another does it in a month, how come?  APM+ answers the “how do you know” questions.
  • Holding people accountable. Because the workers status the tasks, our experience is that they hold themselves accountable.
  • More projects finish. On time and on budget.
  • Training on the process is eliminated. APM+ acts as a knowledge base.
  • Time saved. Easier to use and faster.  APM+ automates (almost) everything.
  • Low cost. The people who can enter incidents do not need a user license.
  • Can run wherever you want it to run.