Security compliance based on third-party audit is becoming increasingly complex –especially as a result of the considerable number of national, international and industry-specific standards and certification schemes present in the market, generating "compliance fatigue", not to mention sometimes contradicting audit reports related to similar controls, That often translates into substantial costs for those service providers
The idea behind the MPRF is to provide a unified method of systematic and consistent activities with the goal of minimizing the burden of obtaining certification "Y" for a CSP, once it has already obtained certification "X". The MPRF’s purpose is, therefore, to use and promote a comparison analysis between different security frameworks, standards,
and best practices.
Listen as Damir Savanovic; Senior Analyst & Researcher; CSA and project manager for the EU-SEC project discusses this exciting evolution of the compliance eco-system and how it promises to change how we approach security assessments in the near future.