What is a measure?
A measure is a component that an asset responsible can use to indicate certain attributes of the asset. For example, a system responsible may add a measure called “Backup” to the system to document that the system is covered by a backup solution.
What does it mean to link a measure to a generic control?
When a Generic control like “Cold Backup of production system” is linked to a Measure e.g. “Backup”, it is possible to implement the generic control on a system, and then document which “high level” Measures the system is covered by. This becomes an advantage if for instance top management or auditors want to have documentation of high level security measures (Backup, Log Management, Encryption) on certain systems instead of extracts of individual and more detailed Generic controls that are less relevant for specific documentation purposes.
How do I link a measure to a generic control?
Click “+Add new” to open a pop-up window from where you can search for the measures that are associated to this generic control.
If the measure appear with red coloring it is because no value has been chosen on the measure. Click on the edit icon (the pencil) and chose from the drop-down. The measure will then become green once you have clicked on ‘Save’.
Create new measure
Click “Create new” to create a new measure. This feature is limited to client/partition admins. Admin can also manage measures in settings here.