Steve Crutchley, Founder & CEO
With an aptitude for entrepreneurship in the security and compliance arena, Steve Crutchley—a content expert in regulations, standards and best practices— founded C2C SmartCompliance in 2007 to assist organizations with content and compliance mappings across various highly-regulated industries. C2C SmartCompliance specializes in helping clients interpret the standards and regulations that best support their business objectives and build a custom, common operating compliance framework. Compliance Mapper—the firm’s proprietary robust mapping tool scrutinizes the policies and procedures of an organization and aligns them with the standards, regulations, and best practices in place to determine how they affect the business. From a content perspective, C2C’s growth path has been quite aggressive. “While our company set out with just 500 regulations in its arsenal, currently it has over 10,000 regulations, standards, and best practices built into Compliance Mapper and we are growing daily,” extols Crutchley, the founder and CEO of C2C SmartCompliance.
C2C’s methodology is simple and intuitive whereby the company takes into consideration the requirements that a particular bank or any regulated organization has and builds a complete framework around their requirements in an easily understandable, useable and mappable format. Following that, with the help of the Compliance Mapper, C2C can efficiently map regulation to regulation, standard to regulation, standard to best practice, or best practice to standard or regulation. Additionally, C2C brings in user content—policies, procedures, and even their own control framework—and map them into a framework the user requires. Crutchley quips, “If you wanted a Harry Potter booking compliance mapper, we could deploy that in no time as well.” It can determine the impact of a specific regulation on a policy when changed or vice versa and allows organizations to focus on areas of potential risk that need critical attention. Besides, the mapper comes with an indicator that shows if a mapping is good, bad, or indifferent if it requires adjustments, and who mapped it.
MyRiskAssessor™ (MyRA a component of Compliance Mapper) is a robust risk evaluation tool in the C2C’s solution stack that includes two major components: asset risk and business impact analysis service risk. Identifying asset risk is increasingly costly and complicated. MyRA is an intuitive tool that simplifies the process and helps in detecting threats related to vulnerabilities, controls, and policies to control asset risk exposures, leveraging built-in threat libraries efficiently. “For service risk, MyRA can integrate with business continuity management tools and have all of those frameworks built in the Compliance Mapper,” adds Crutchley. Moreover, C2C’s regulatory library isn’t for compliance just in the US; it’s completely international and supports multiple languages as well, particularly Spanish and French.
While our company set out with just 500 regulations in its arsenal, currently it has over 10,000 regulations, standards, and best practices built into Compliance Mapper and we are growing daily
The firm’s Regulatory Change Management Solution monitors and manages the regulatory changes besides streamlining compliance in a rapidly changing regulatory environment. C2C is also aiding GRC vendors with content and support for their GRC products.
The company has partnerships with other GRC solutions vendors which they provide content for. The content and functionality of Compliance Mapper is easily transported into these solutions through C2C’s simple to use APIs. “We see ourselves as a support solution as well as our own solution option,” says Crutchley. In a recent project C2C provided a large financial institution with a regulatory library of over 8,000 regulations together with the supporting regulatory change option and alerting capability, which resulted in a major success for C2C and proved their large-scale capability and mapping back to the clients’ organization hierarchy. The institution now has a better understanding of the relationships from their business to their regulatory requirements and a more comprehensive view of their obligations.
For the foreseeable future, C2C is endeavoring to improve the speed of their mappings and is looking to automate the entire process. The company is currently working on different ideas and projects to enhance their capabilities.