Here you can add, edit and delete measures as well as add measures in bulk on activities, systems or contracts.
Measures can be addedd four places in the system:
- Activities: Organizational security measures
- Systems: Technical security measures
- Contracts: Contract measures
- Assessments: Global assessments projects (Measures can be defined/identified as part of an external IT audit project and thus function without context to Activities, Systems or Contracts. Measures created/identified as part of an IT audit, can afterwards be linked to specific Activties, Systems and Contracts.
Measures can be information you would like to add, e.g., organizational measures are included in the art. 30 (ROPA) report and could include e-learning for employees, business continuity plans or relevant policies and procedures, whereas technical measuers can be encryption, two-factor-authentification or physical security measures and contract measures can be a date for autorenewal, the monetary value of a contract or weather the contract is subject to specific terms.
Create a new measure
Name: Write a name suitable for the measure, e.g., E-learning for employees
Category: Select a a category in the drop-down menu. The category determines which type of security measure you are creating by leaning on a specific scope (activity, system and/or contract).
If no category suits the measure you are creating, you can create a new category by clicking on ‘+’ next to the the category field, write a name and chose a scope and click on ‘Save’. You are able to chose multiple scopes. If you create a measure with a category that is e.g., scoped to systems and contracts the measure will only be available in the drop-down menus on systems for technical security measures and on contracts for contract measures.
If you choose the scope “Assessment” this will enable you to perform Assessment projects in context of the measure. This is useful if you want to setup a continuous update process of your security measures. It can also be effective if your external IT auditor uses the Complyon platform to perform an audit in your organisation. (This can save time for both you and the auditor)
Description: Write a description that explains the details of the measure.
Once the measure has been created it will be added to your list of measures. The list can be filtered by navigating in the Measure Category list on the left side or they can be searched for in the search bar in the top right corner.
Edit or add a measure to activities, systems and/or contracts
You can edit or insert a measure on several activities, systems and/or contracts at the same time from settings. To do this, find the measure you want to edit or add by either navigating through the measure categories in the list on the left side or by using the search bar.
When you have found the correct measure, click on the ‘edit’ icon (pencil) on the right if you want to edit the name, category or decription of the measure.
Click on the name of the measure if you want to upload a document that related to the measure, insert a link on the measure or if you want to bulk-upload the measure to activities, systems and/or contracts (depending on the scope of the measure category). You can navigate to the scopes by clicking on the tabs besides ‘Basic info’ and clicking on the button in the top right corner ‘+Add Activity/system/contract’. Chose the relevant activities, systems and/or contracts and click on ‘Add’. The measure will now automatically appear on the chosen activities, systems and/or contracts. If the measure requires a value to be set, the measure will be colored red in the context until a user has clicked on the ‘Edit’ button and selected a value.
Delete a measure
Find the measure you want to delete either by navigating to it from the measure category list to the left or by using the search bar. Once you have found the measure click on the trashcan icon to the right and then on ‘Confirm’.