Compliance Auditing

The Problem

While organizations may have strict business rules around the flow of data, very few manage to technically enforce them by detecting data shifts that violate such rules. For example, there may be a rule for sending payment information for a specific product to a specific 3rd party payment processor. If this information is sent to a different payment processor due to the logic in the current code, then this specific business rule is violated. Any attempt to rectify will require code changes that have to be tested before being deployed. All such efforts will require Engineering support, provided they have the bandwidth to accommodate in the first place.

The Solution

Riscosity allows customers total control over outgoing data flows, including the power to redact or redirect data as per business needs. For the scenario mentioned above, Riscosity offers an easy fix - redirect all payment information tagged to that product to the specific processor even if the existing code says otherwise. There are no changes to the codebase, and so no Engineering support is required. Similarly, Riscosity customers can redact specific data elements from an outgoing file transfer, if sending that data would violate business rules like “do not send PII to ITAR-proscribed countries”. This can prevent data exfiltration by mistake (user error) or intention (malicious insider or compromised insider credentials).