About The Project
The Consensus Controls Project is underwritten and supported by Brightfly, an
open source security and compliance research and advisory group. We created this
tool to answer the simple question of what constitutes due care in today’s
regulatory landscape; due care being defined as that which a reasonable person
in similar circumstances would do. Unfortunately, it has been next to impossible
to identify any commonality across industries or geographies with regard to
what would be ‘similar circumstances’. Likewise, because information sharing has
been difficult, we found it equally frustrating to identify a baseline of
‘reasonable’ controls for a given industry, risk profile, or geography with
regard to specific regulatory burdens.
It is because of this void in information sharing and the frustration in
defining our control environments that we launched The Consensus Controls
Project. The Project is a free resource for organizations to anonymously share
their controls, test plans, and other pertinent information to shift the
conversation with auditors and stakeholders from one centered on the volume of
controls and testing frequency, to one of a higher value, based upon the true
risks to the organization as perceived and shared among peers.
We hope you find this resource useful, and we welcome your feedback on how we
can improve the service.
You can follow us on Twitter at @DefiningDueCare or send us an e-mail at
info@consensuscontrols.org
You can also follow our progress on The Project through our blog:

Whatever method you choose, we look forward to providing this service to you,
the community.