Continuous Controls Monitoring (CCM) within GRC systems actively checks the status of automated controls and alerts owners of any changes. For example, a configuration change that has a direct impact on key processes within the organisation would immediately be flagged to the relevant individuals. CCM acts as a detective control to create awareness of these changes as they occur.

Assessing how many of your automated controls are handled using CCM is key for any organisation. Getting the right balance of CCM usage can make the difference between benefitting from this functionality and creating extra work on control owners or too many alerts running the risk that they could be ignored.


At Turnkey Consulting we appreciate that every organisation is different and need tailored ways of managing compliance. We understand that moving to a continuous monitoring approach will involve changing how controls are handled and tested.

As an expert in this field we can also help you to monitor non-standard controls viaCCM. Our wealth of experience within CCM has given us a level of knowledge to advise our clients where CCM can add value to their business and improve their compliance process.