Program
The Program module provides a holistic view of an Organization’s entire security program.
Blueprint — Displays the elements of an Organization’s security program. May be used to track the current maturity level of particular elements as well as set high-level goals for areas of improvement.
- Create a Program Blueprint — A User can create a new Program Blueprint for an Organization’s security program from a Blueprint Template or by starting with a blank one. A Blueprint can have Elements and Sections that focus on specific aspects of the program. Sections are divided into Implementation Levels, each with indicators that state when the security program has achieved that level of implementation.
- Add an Element to a Program Blueprint — A User can add a Program Element to a Blueprint to better organize the different aspects of an Organization’s security program.
- Add a Section to a Program Element — A User can add a Program Section to an Element within a Blueprint. A Section contains Implementation Levels for the topic (e.g. Audits for Compliance) that it covers.
- Add Blueprint Levels to a Program Section — A User can add multiple Blueprint Levels to a Program Section in a Blueprint. These are used to keep track of an Organization’s progress and goals in a particular section of their security program at a high level.
Findings — View and manage Observations, Recommendations, and Action Items across the Organization’s entire security program.
- Observations — A non-biased discovery of something in an Organization’s security program that may need addressing. Important Observations may be elevated to a ‘Finding’.
- Recommendations — A suggestion on how to improve an Organization’s security program. Usually in response to an Observation.
- Action Items — A specific task that an Organization or Point of Contact should perform to improve the security program. Usually in response to a Recommendation.
- Findings Importer — Use the Findings Importer to import outside resources into the application. It can import Observations, Recommendations, and Action Items.
- Convert a Note to an Observation — A User can create an Observation anywhere in the application where notes are located.
Policies — Organize and store important security policies and procedures. Manage Policy Versions and assign Points of Contact to review and acknowledge policies.
- Create a new Program Policy — A User can create a new Program Policy, which can have several versions.
- Upload a new Policy Version — A User may upload new Versions of a Policy. By default, new versions have a status of DRAFT.
- Approve a Policy Version — A User may ‘Approve’ a Policy Version. This sets its Status to APPROVED and sets any previously APPROVED versions to OLD. The most current APPROVED version is the default version.
- Assign Reviewers to a Policy Version — A User can assign Points of Contact to review a Version of a Policy. Each assigned reviewer receives an email with a link to a landing page where they can review the document.