Compliance Decision Making Process
The Compliance Decision Making Process (CDMP) is a free guide to assist Governance, Risk & Compliance (GRC) staff in coming up with viable Courses of Action (COA) based on:
- Facts;
- Assumptions; and
- Constraints.
Compliance with cybersecurity and data protection laws, regulations and contractual obligations requires a proactive approach to be efficient and effective. Proactive compliance can be thought of as having four (4) distinct components, which come from the broader Military Decision Making Process (MDMP) used by the US military. The common military planning acronym associated with this is DIRT:
- Decisions;
- Intent;
- Risk; and
- Triggers.
Getting to the point of making a sound decision is built on multiple supporting processes. In this document, ComplianceForge co-opts concepts from DIRT and MDMP, combined with cybersecurity compliance-focused criteria, to create a Compliance Decision Making Process (CDMP). The CDMP helps define a viable process for tackling compliance-related decision making, minimizing the risk and cost your organization is exposed to in its cybersecurity & data protection compliance efforts.
What Is The Point of The Cybersecurity Decision Making Process?
The CDMP is designed to be simple and efficient. It identifies sub-steps, as well as the inputs and outputs associated with each step in the decision making process. The five (5) steps are:
- Awareness of compliance obligations;
- Identify facts & assumptions;
- Define a problem statement;
- Determine constraints; and
- Identify possible Courses of Action (COA).