Type | Subsidiary of Navex Global |
---|---|
Industry | Security Management, Governance, Risk, Compliance |
Founded | 2010 |
Founder | Chris Caldwell Chris Goodwin |
Headquarters | Overland Park, Kansas |
Products | Keylight Platform Blacklight Platform |
Parent | Navex Global |
Website | www |
Lockpath is a governance, risk management, and compliance and information security software platform based in Overland Park, Kansas.[1] Its Keylight platform integrates business processes to simplify risk management and regulatory compliance challenges. Common business areas Lockpath target are policy and procedure management, risk assessment, incident management, vulnerability management, vendor management, business continuity planning and internal audit preparation.
Lockpath was founded by Chris Caldwell and Chris Goodwin in 2010 [2] to develop and sell governance, risk management and compliance software. Lockpath is headquartered in Overland Park, Kansas. Lockpath was purchased by NAVEX Global in 2019.
Lockpath launched the Keylight Platform and their first application, Compliance Manager, in October 2010.[3] The initial launch consisted of a regulatory content and controls library fully integrated with the Unified Compliance Framework (UCF), workflow capabilities and a reporting engine. Keylight 1.2 introduced the Threat Manager and Vendor Manager applications.[4] Keylight 2.0 launched the Dynamic Content Framework[5] and introduced two new applications, Incident Manager and Risk Manager. SE Magazine's Peter Stephenson described Keylight as a "...family of applications [that] helps organizations manage enterprise risks and demonstrate compliance by providing visibility into corporate risk and security controls. The ready-to-use toolset integrates all applications under a single user interface, unifies and correlates any amount of security content, exposes vulnerabilities throughout the organization by tracking and recording key information about secured assets, and creates an iron-clad audit history."[6] Keylight 2.4 introduced the Business Continuity Manager application and gave users the ability to create business continuity plans, conduct Business Impact Analyses, and perform tabletop exercises to test business continuity plans.[7] Keylight 3.0 included an integration with the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), a framework designed for healthcare organizations.[8] Keylight 3.3 introduced the Audit Manager application[9] and renamed Threat Manager to Security Manager.[10] Keylight 3.5 included a hybrid-cloud delivery method for Vendor Manager[11] and the Anonymous Incident Portal.[12] Keylight 4.0 added the Advanced Analytics Engine to the product portfolio.[13]
On 28 October 2014, Lockpath received U.S. patent number 8,874,621 for the Dynamic Content Framework (DCF).[14]
Keylight 4.1 introduced the Keylight Ambassador.[15] It was the first GRC platform to allow for both SAML and LDAP integration, the first to perform bulk tasks on data records, including data edits, workflow and record deletion, and the first to create ad-hoc reports on historical content. Keylight 4.1 also added support for syslog data collection.
In 2018 Lockpath launched Blacklight,[16] Blacklight brings automation to the configuration assessment of servers and corporate devices. The platform utilizes agent technology that continuously assesses devices and systems against Center for Internet Security (CIS) configuration benchmarks, as well as custom benchmarks, to detect misconfigurations that put organizations at risk for breaches or noncompliance.
The launch of Keylight 4.1 in November 2014 introduced the Keylight Ambassador, the first hybrid connector on the market to allow users to securely automate data collection processes from on-premise applications, custom applications, applications without APIs, and applications where ad-hoc data is created.[citation needed]