Lazarus Alliance Uses IT Audit Machine GRC Solution to Perform DFARS NIST 800-171 Audits More Efficiently

Scottsdale, AZ, October 24, 2017 (Newswire.com) – ​Lazarus Alliance, a leading cyber security governance, risk, and compliance (GRC) firm, is utilizing Continuum GRC’s IT Audit Machine (ITAM) GRC to perform DFARS NIST 800-71 audits for its clients.

U.S. Department of Defense contractors have until December 31, 2017, to achieve DFARS compliance.

“There’s no reason to believe that the DoD intends to extend this deadline,” noted Michael Peters, CEO of Lazarus Alliance. “Over the summer, the DoD held an Information Industry Day emphasizing the importance of DFARS compliance and reminding attendees that time was running out.”

DFARS compliance is complicated and time-consuming, and time is something our DFARS clients do not have right now.Michael Peters, CEO, Lazarus Alliance

While DoD contractors are already accustomed to adhering to comprehensive security controls for classified systems, DFARS mandates that security controls also cover “Unclassified Controlled Technical Information (UCTI),” a broad term referring to unclassified data. Therefore, many organizations are having to expand their controls to cover additional systems.

“DFARS compliance is complicated and time-consuming, and time is something our DFARS clients do not have right now,” Peters explained. “By using ITAM GRC software to perform DFARS audits, we’re able to remove a lot of complexity from the process and save our clients time and money.”

The cloud-based ITAM GRC software integrates IT governance, policy management, risk management, compliance management, audit management, and incident management. Its user-friendly self-help modules encompass the full spectrum of regulatory and industry data security requirements, including DFARS NIST 800-171. Peters states that, on average, ITAM speeds up GRC assessments and reporting processes by 180% over traditional audit processes.

“Some organizations still use Microsoft Excel to perform IT compliance audits,” Peters noted. “Now that software like ITAM is available to automate the compliance process, that’s like using an abacus to keep your books. When facing compliance with a standard as complicated as DFARS, and running out of time to do it, you can’t mess around with spreadsheets.”

In addition to keeping them qualified to perform work for the DoD, DFARS compliance offers inherent strategic value for service providers. Other public and private-sector organizations know how rigorous DFARS compliance standards are, and they recognize that service providers who comply with DFARS are serious about data security, not just in-house but also on the part of their third-party vendors. DFARS compliance also demonstrates due diligence in the event of legal action or questions of business insurability.

“The majority of data breaches are now being traced back to third-party vendors,” Peters said. “DFARS is the DoD’s way of addressing this problem, and in the end, it’s going to be a good thing for everyone.”