Manager | RSM US LLP
Kyle is responsible for the planning and execution of audit and consulting engagements for public and private companies in a variety of industries. In his current role, Kyle delivers advice and consultation on complex IT matters, assists with collaboration between client IT teams and business units, and is responsible for ensuring that IT and business process controls comply with regulatory requirements and professional standards. He has over seven years of experience assisting clients in developing, enhancing and evaluating information technology (IT) and business process controls related to operational and compliance audits.
Specific to third party risk management (TPRM), Kyle has led TPRM program maturity assessments, assisted clients with enhancing due-diligence and monitoring procedures, and partnered with clients to execute due-diligence and monitoring procedures.
The TPRM Community Should Adopt OSCAL
Day 2 | Track 2 | 2 - 2:50 PM
The Open Security Control Assessment Language (OSCAL) could significantly change how we assess third party security controls.
OSCAL takes current human-readable control information and expresses it in structured, text-based data formats (XML, JSON and YAML), producing standard representations that are both human- and machine-readable.
Developed by the groups behind the federal government's FedRAMP program (control requirements, testing and approval for cloud service providers selling services to federal agencies), OSCAL automates the process of assessing internal controls.
While aimed at the government space for cloud services, OSCAL is following the pattern of other government-created standards that have been embraced by commercial companies, such as the CVE software vulnerability database, NIST standards such as SP 800-53, and the AES encryption standard.
OSCAL could have a profound impact on TPRM, and those working in this space need to identify ways of leveraging its potential.