A short bio to introduce myself: I have been involved in technology for over 25 years to include n
As I work closely with various customers over time to meet their IA Compliance requirements, the value of a proper annual Risk Assessment and the final RAR (Risk Assessment Report), including a POA&M (Plan of Action and Milestones), becomes increasingly evident to me and the customer. The reports give the picture of where compliance was on day one, and as the assessment team reviews annually, the initial documents become updated versions of the first, noting differences but never being deleted. In my POA&Ms I include a tab for “Completed POA&M Controls” and move all items completed the previous year into that list. That list then becomes a quick reference for any executive or potential auditor to measure the progress and changes year over year.