Lockpath is a
governance, risk management, and compliance and
information security
Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorize ...
software platform based in
Overland Park, Kansas. Its Keylight platform integrates
business processes
A business process, business method or business function is a collection of related, structured activities or tasks by people or equipment in which a specific sequence produces a service or product (serves a particular business goal) for a parti ...
to simplify
risk management and
regulatory compliance
In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Compliance has traditionally been explained by reference to the deterrence theory, according to which punishing a behavior will decrease the viol ...
challenges. Common business areas Lockpath target are
policy
Policy is a deliberate system of guidelines to guide decisions and achieve rational outcomes. A policy is a statement of intent and is implemented as a procedure or protocol. Policies are generally adopted by a governance body within an organ ...
and procedure management,
risk assessment,
incident management
An incident is an event that could lead to loss of, or disruption to, an organization's operations, services or functions. Incident management (IcM) is a term describing the activities of an organization to identify, analyze, and correct hazards ...
,
vulnerability management,
vendor management,
business continuity planning
Business continuity may be defined as "the capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident", and business continuity planning (or business continuity a ...
and
internal audit
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to ...
preparation.
Lockpath was founded by Chris Caldwell and Chris Goodwin in 2010 to develop and sell governance, risk management and compliance software. Lockpath is headquartered in
Overland Park, Kansas. Lockpath was purchased b
NAVEX Globalin 2019.
Products
Keylight Platform
Lockpath launched the Keylight Platform and their first application, Compliance Manager, in October 2010. The initial launch consisted of a regulatory content and controls library fully integrated with the Unified Compliance Framework (UCF), workflow capabilities and a reporting engine. Keylight 1.2 introduced the Threat Manager and Vendor Manager applications. Keylight 2.0 launched the Dynamic Content Framework and introduced two new applications, Incident Manager and Risk Manager. SE Magazine's Peter Stephenson described Keylight as a "...family of applications
hathelps
organization
An organization or organisation (Commonwealth English; see spelling differences), is an entity—such as a company, an institution, or an association—comprising one or more people and having a particular purpose.
The word is derived from ...
s manage enterprise risks and demonstrate compliance by providing visibility into corporate risk and
security controls. The ready-to-use toolset integrates all applications under a single
user interface
In the industrial design field of human–computer interaction, a user interface (UI) is the space where interactions between humans and machines occur. The goal of this interaction is to allow effective operation and control of the machine f ...
, unifies and correlates any amount of security content, exposes
vulnerabilities
Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally."
A window of vulnerability (WOV) is a time frame within which defensive measures are diminished, com ...
throughout the organization by tracking and recording key information about secured assets, and creates an iron-clad
audit
An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon.” Auditing ...
history."
Keylight 2.4 introduced the Business Continuity Manager application and gave users the ability to create
business continuity plans, conduct
Business Impact Analyses, and perform tabletop exercises to test business continuity plans. Keylight 3.0 included an integration with the
Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), a framework designed for healthcare organizations. Keylight 3.3 introduced the Audit Manager application and renamed Threat Manager to Security Manager. Keylight 3.5 included a hybrid-cloud delivery method for Vendor Manager and the Anonymous Incident Portal. Keylight 4.0 added the Advanced Analytics Engine to the product portfolio.
On 28 October 2014, Lockpath received U.S. patent number 8,874,621 for the Dynamic Content Framework (DCF).
Keylight 4.1 introduced the Keylight Ambassador. It was the first GRC platform to allow for both
SAML
Security Assertion Markup Language (SAML, pronounced ''SAM-el'', ) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based m ...
and
LDAP integration, the first to perform bulk tasks on data records, including data edits, workflow and record deletion, and the first to create ad-hoc reports on historical content. Keylight 4.1 also added support for
syslog data collection.
Blacklight Platform
In 2018 Lockpath launched Blacklight,
Blacklight brings automation to the configuration assessment of servers and corporate devices. The platform utilizes agent technology that continuously assesses devices and systems against Center for Internet Security (CIS) configuration benchmarks, as well as custom benchmarks, to detect misconfigurations that put organizations at risk for breaches or noncompliance.
The Keylight Ambassador
The launch of Keylight 4.1 in November 2014 introduced the Keylight Ambassador, the first hybrid connector on the market to allow users to securely automate data collection processes from on-premise applications, custom applications, applications without
API
An application programming interface (API) is a way for two or more computer programs to communicate with each other. It is a type of software Interface (computing), interface, offering a service to other pieces of software. A document or standa ...
s, and applications where ad-hoc data is created.
References
{{DEFAULTSORT:Lockpath
2010 establishments in Kansas
Companies based in Overland Park, Kansas
Software companies based in Kansas
Defunct software companies of the United States