Call Us

Americas / EnglishEnglishFrançaisDeutschItalianoEspañol
+44 (0)20 8939 1650

Header Menu

Blog
Careers
Customer Support

ProductsExpand
Ethics & Compliance Platform
The NAVEX One platform is an automated ethics and compliance solution that includes a suite of complementary solutions.

Learn More

Lockpath Integrated Risk Platform
NAVEX Global’s Lockpath is a powerful, flexible, integrated GRC platform that enables integrated risk management and is built to scale.

Learn More

Environmental, Social & Governance Solutions
NAVEX ESG helps organisations remove the complexity and confusion of managing multiple sustainability efforts.

Learn More

Ethics & Compliance Solutions
+− Submenu
Whistleblower Hotline & Reporting

Incident Management

Policy & Procedure Management

Code of Conduct

Ethics & Compliance Training
+− Submenu
Course Library

Create a Custom Training Plan

Awareness Solutions

Disclosure Management

Analytics & Benchmarking
+− Submenu
Compliance KPI Benchmarking

Dashboard Analytics

Third Party Risk Monitoring & Screening

Integrated Risk Management
+− Submenu
Business Continuity Management

Privacy, Risk & Compliance Management

Third Party Risk Management

Health and Safety Management

Environmental, Social and Governance Management
+− Submenu
ESG Framework Management

Environmental Sustainability Management

Responsible Supply Chain Management

Conflict Minerals Management
SolutionsExpand
Download

Download

Download

Download

By Issue
+− Submenu
Bribery & Corruption

Diversity & Inclusion

Business Continuity

Compliance & Policy

Health and Safety

IT Risk

Operational Risk

Managing Third Parties

Regulatory Compliance

Organisational Culture

Corporate Fraud

Harassment & Discrimination

Conflict of Interest

Cyber Security

Data Privacy

Retaliation

Money Laundering

By Role
+− Submenu
Ethics & Compliance

Legal & Risk

Human Resources

Board of Directors

Quality Control

IT

Procurement & Supply Chain

Audit

By Industry
+− Submenu
Financial Services

Life Sciences

Energy & Utilities

Retail

Transportation & Logistics

Insurance

Technology

Government

Food & Beverage

Healthcare

Manufacturing

By Regulation
+− Submenu
GDPR

UK Bribery Act

FCPA

DOJ Corporate Compliance

EU Whistleblower Directive

ISO 27001

NIST CSF

OSHA

PCI DSS

SMCR

UK Modern Slavery Act

Sapin II

Italy Whistleblower Protection Law

SOX
PricingExpand
ServicesExpand
Professional Services

Customer Success
+− Submenu
Implementation Services

NAVEX Global Community
ResourcesExpand
Benchmarking Reports

Definitive Guides

White Papers

Case Studies

Product Overviews

Webinars

ROI Calculators

Compliance Next

ALL RESOURCES
CompanyExpand
Leadership Team

Partners

In the News

Press Releases

Events

Blog

Working at NAVEX Global

Job Openings
Get In Touch
EMEA + APAC
+44 (0)20 8939 1650

FRANCE
+33 1 73 79 40 20

US + AMERICAS
1-866-297-0224

Locations >

Thank you for your interest in NAVEX Global. We'll be in touch with you shortly. If you have any immediate questions, please give us a call at 1-866-297-0224.

NIST CSF Compliance

Speak with one of our experts to help you get started

Challenges
Learn More
Resources
Learn More

Complying with NIST CSF

In 2013, the National Institute of Standards and Technology (NIST) added the Cybersecurity Framework, creating NIST CSF. The risk-based cybersecurity framework is now used internationally to provide a common language and foundation for managing cybersecurity risk. One of the main benefits of the voluntary framework is that it helps companies identify the gaps between their current and their desired levels of security, and guides the actions necessary to achieve it.

NIST CSF helps companies identify cybersecurity risks to systems, as well as assets, operations, and people. It helps companies build proactive defenses, detect events and threats as they happen, and create response plans. Finally, NIST CSF helps companies restore capabilities and services if and when a cybersecurity event occurs. Besides helping companies combat risk, the framework encourages communication among internal and external stakeholders. Addressing cybersecurity risk is everyone’s job.

See how to implement NIST CSF

What You Need

Risk Assessments

Lockpath’s assessment engine gathers, organizes and reports on critical risk-related information from the people closest to assets and business processes.

Prioritize Risks

ISO 27001 details the identifying and prioritizing of risks. Assign those risks to specific users for analysis with due dates and reminders.

Map ISO 27001 to Policies

Lockpath’s workflow ensures policies are mapped to the ISO 27001 standard. With any new or updated policy, the platform communicates policies to company employees with required acknowledgment and attestation.

Change Management

ISO 27001 is about continuous improvement. That requires making changes. Lockpath acts as a change-control mechanism, allowing you to plan, approve and track all changes in the ISMS. You can also forecast the impact of any changes.

Audit Prep

Automatically generate audit work-papers; gather and store evidence for audits; and assign audit findings to business and asset owners for investigation, remediation and escalation.

Steps You Can Take to Build an Effective Third Party Risk Management Program

Step 1

Define your organization’s risk based on industry, regulatory environment, number of third parties and other factors to define your risk profile.

Step 2

Screen all of your third parties against your organization's risk profile, reports on adverse media, politically exposed people and sanctions lists.

Step 3

Surface third parties that represent higher risk due to geographical location, type of business, contract value, and government relationships. Screen outcomes and conduct additional due diligence when applicable to protect your organization.

Step 4

Centralize the management of your third parties in a singular, purpose-built third party risk management solution.

Discover the new standard in risk management

Get Started Today

NIST CSF Resources

WebinarCyber Security and Insider Threats: Turning Policies into Practices
Sample PolicyInformation Security Policy Sample Template

Explore Other Regulations

ISO 27001 Compliance & Certification

Read more about ISO 27001 Compliance & Certification

PCI DSS Compliance

Read more about PCI DSS Compliance

GDPR Compliance

Read more about GDPR Compliance

LinkedIn Twitter Facebook YouTube

+44 (0)20 8939 1650

Thank you for subscribing! Please be sure that @navexglobal.com is on your company's safe sender list to ensure our emails reach your inbox!

Select Language & Region

English
English (EMEA)
Deutsch
Italiano
Français
Español

About NAVEX Global

Our Story
Blog
In the News
Press Releases
Events
Careers
Leadership Team

Terms of Service

Modern Slavery Act Statement
Privacy Statement
Terms of Use
Email Subscriptions
Cookie Preferences
English