The purpose of this task is for you to provide a description of the Security measures (or IT General Controls) of your organisation. It is important that we base this assessment on your own descriptions. The example below shows relevant Sections and their underlying paragraphs. You may have Sections with content available in this task as examples, which you can edit, or delete and replace with your own, or you may have a clean, empty sheet to start from.
You may use the Section as the main headline (e.g. “Access control”) and its underlying Category Description as the main paragraph (e.g. “The way the granting of access is handled is described in a policy document. The policy is part of our IT security policy.”).
You can use any existing Category options or create new ones by clicking on the “+”-button to the right of the dropdown menu.
When the Section/category is created, you can add underlying Security measures (which will function as Sub-paragraphs) by clicking on the “+Add measures” button on the specific Section/Category.
When you add a Measure, the Measure Name will function as the Sub-headline, e.g. “Periodical re-certification of access rights”, and the Measure Description will function as the Sub-paragraph, e.g. “Periodically, i.e. once a year, we review the internal systems of the company including user profiles and access levels to ensure that the procedure related to the termination of employment is followed and that the customers’ data cannot be accessed by former employees of XX A/S.”
See the example below.
It is important that we receive your descriptions in this form, since we can then easily store them and re-use them for next year’s review/assessment. They can also be used for your own IT control management if you gain access to the Complyon GRC platform yourself. This way we provide synergies between your IT audit and your ongoing IT security management system.
Click “Complete” when you’re done.