As government regulations spread around the globe, geopolitical, regulatory, legal, and compliance risks continue to present challenges for enterprises. Moreover, with the increasing proliferation of laws and rules and an increase in stakeholder expectations, organizations are more vulnerable to compliance risks than ever. Today, a majority of companies still take an old-school approach when it comes to managing compliance risk. As the risk issues change as per the business, their strategy and process must also change accordingly.
C2C Smart Compliance, a Virginia VA-based leading risk and compliance management solution provider is helping organizations optimize their risk and compliance management operations. It is a premiere GRC firm, providing compliance infrastructure management services, compliance software (Enterprise and SaaS), and mapping solutions that support international regulatory standards and best practices for commercial and government enterprises. C2C’s web-based, automated compliance platform is designed for improved business performance and audit readiness across the entire organization.
Unique Service Offerings
C2C Smart Compliance was established in 2005 as Consult2Comply. However, its name was changed in 2013 to C2C Smart Compliance as it aligned its business more to the compliance and risk industry and the demand for its products started increasing. The company provides unique offerings in risk, compliance, content, and mappings including,
- MyRiskAssessor (MyRA)
It is a fully functional risk product that contains a comprehensive set of threats linked to vulnerabilities linked to control infrastructures. This allows the risk management process to be streamlined in the organizations and supports the skills needed to effectively undertake a risk assessment and manage the risks. Moreover, as organizations cannot effectively apply a correct threat without a structure threat library, MyRA allows this process to be undertaken painlessly and supports the findings.
It also shows Risk Values, Inherent Risk Values, Residual Risk Values, and Control effectiveness – all outputs from the risk management process using the threat tables. Alongside this, MyRA also offers Business impact Analysis, Assessment Questionnaires, Risk Treatment, and remediation with workflow and full reporting including filtering and graphical representations.
- Compliance Mapper (CM)
It is a unique compliance product. CM has over 10,000 regulations, standards, and best practices in the product. The CM Mapping Capability allows mappings to be applied (manually, semi-manually, and automatically) to the frameworks and showing mapping level as a guide to the compliance staff. This provides a good level of understanding to the teams that are measuring compliance effectiveness. Furthermore, CM is also capable of finding possible mappings as well.
Alongside these prominent products, C2C provides several compliance services such as — Banking & Financial Management, Regulatory Change Management, C2C Content Library, Assessing Compliance and Policy Gap Analysis, GDPR, Mapping/Crosswalk Services, etc. “We at C2C are pushing the envelope to ensure that compliance professionals can easily get to grips and understand the relationships of multiple differing frameworks into one coherent compliance infrastructure,” said Steve Crutchley (Founder and CEO at C2C Smart Compliance).
Foremost Authority in the GRC Arena
Steve is a recognized leader and the foremost authority in the GRC arena, with more than 25 years of experience in business protection. He came to the U.S. in 2002 just after 9/11 and started his business 4FrontSecurity that, which was later acquired by Symantec. Steve left Symantec to start Consult2Comply and to develop the Compliance Mapper product. Compliance Mapper was developed to help businesses understand a line of sight into regulations, standards, and best practices from policies, a major requirement still being used today. MyRA was initially developed for IT risk but it also has moved on significantly. He takes pride in leading a team that is committed to understanding customer needs and delivering success.
As the founder and CEO, Steve’s roles are to ensure the client needs are met, to design the software to deliver what the client wants, and to manage the teams to make sure they can respond quickly and effectively.
Offering Value-added Services
Since its inception, C2C’s aim has been keeping everything simple and not over-complicating subjects like risk and compliance. However, the cutthroat market competition seeks unique methods and tends to over complicate everything. “We strive to offer value- added services and this can be difficult because people want complication which makes life more difficult and takes much longer putting organizations at risk,” adds Steve.
Delivering to the Clients’ Needs
The COVID-19 pandemic has unsettled several businesses around the world. C2C, however, was not severely affected by the pandemic. The company provided continuous services throughout the pandemic and has also maintained the relationships with its clients. It takes pride in listening and delivering to the clients’ needs.
Before the pandemic, all the C2C staff was used to travel extensively, supporting its clients on-site. However, being deskbound due to the impositions, it has adapted to the conferencing facilities. Moreover, as the 9 am to 5 pm days have disappeared into obscurity, the company’s solid work ethic has supported it. Heaping praises on his team, Steve further added that the C2C team was excellent and very professional in their approach to business in these unprecedented times.
Continually Improving Functionality
Presently, C2C has numerous projects in hand such as working with large bank groups and legacy GRC vendors, providing them with regulatory content. Moreover, the company has recently made in-roads to the Australian Market with the help of a partner who understands the Australian market and conditions.
In the near future, the company aims to continually improve functionality to make the risk process easier for people that do not necessarily understand risk and want to undertake risk assessment and get proven results.
