We will publish the ISO 9001 framework in Cyberday next week.
ISO 9001 will be fully supported, but it will be labeled as a "supporting framework", as we recommend always using it in connection with information security frameworks - not by itself.
Read more about the topic in our blog.
We are currently working on the DORA framework and aim to publish it in Cyberday during the next couple of weeks.
We're creating a new, automated monthly report that is designed mostly for top management communication.
The report will display the main metrics from your account, summarize the progress you've made during the month and show some related key information.
This report is not too lengthy and makes it easy to showcase the information security work you have done in a positive way. 👍
Soon you can enable "distribute to employees via Guidebook" for the reports you want everyone to read.
After you've done this, the report will be displayed to the selected employees in Guidebook. Employees need to open the report and confirm it as read, just as with guidelines.
We published a new Metrics page. You will find it in the left menu - by default under the "More" button, but you can pin the page to the top of the left menu if you want.
On the Metrics page, you can define the key metrics of information security management that are most relevant to your organization's work. There are a total of 20+ metrics, depending on the number of frameworks you have enabled. You can edit the goal values for different metrics yourself. There are three different types of meters:
In the future, the meters will also be used in the so-called management monthly reports, where the implemented meters are included automatically.
For organizations that want to delegate risk assessment work to asset owners, we just published a new feature: asset-based risk identification.
If you enable this feature from Settings, the selected asset's documentation cards will show a pending risk identification workflow.
With the help of this workflow, asset owners identify detailed and relevant risks for this asset. They can then continue with the risk workflow as normal - straight from the asset's documentation card.
We published improvements to the information security risk management table and to the risk workflow.
The workflow for risks is now more clearly divided into 4 main steps: identification, evaluation, treatment and monitoring.
Each step displays a short instruction on what to do, and specific action buttons on the rows of the actual risks.
We will soon be adding some related changes to the risk documentation cards that will help you make even better use of this renewed table.
The Cybersecurity Capability Maturity Model (C2M2) helps organizations evaluate their cybersecurity capabilities and optimize security investments.
This level includes the MIL1 requirements and other measures included in other supported frameworks, giving an estimated 50% coverage of the full framework.
We extended the functionality of the User stats page and at the same time moved it to a more prominent position in the left menu.
Now you'll have 2 separate tabs on the page:
You also have plenty of other filters at your disposal on the "All ownerships" tab.
We are developing a visual mode for documentation cards, through which you can better understand the connections between different items.
A switch is planned to appear at the top of the card to enable the visual mode. Editing would still be done from the card view as normal.
We are currently making improvements to the information security risk management table and to the risk workflow.
At the same time, we will introduce the possibility to deploy asset-specific risk assessments, which will allow the organisation to direct the owners of key assets (e.g. data system, data store, provider, site) to conduct a risk assessment that will go through the most important threats associated with that asset type.
The changes will be implemented so that they do not break or render useless any work previously done in related sections.
More information coming soon. 👍
Compliance reports are one of the main tools during information security audits.
Soon there will be a special compliance report search to help you easily navigate to the sections related to the topic being discussed.
You'll see the search button in the fixed left menu, and the results will be displayed at the top right. Clicking a result takes you to the proper part of the report.
Internal auditors can now also write down other important notes when reviewing a requirement.
You can add either "positive findings" or "other notes", which can be used, e.g., to document what kind of evidence was checked when reviewing the requirement and related actions.
All notes are then also summarized on the audit's main documentation card.
You can now also select the review interval "No review" for the guidelines you want. These guidelines are then not included in the normal review cycle of guidelines.
You can use this selection, e.g., for guidelines that are relevant only in the onboarding phase.
We improved usability, e.g. in the "linked participants" selects and in numerous other places.
We also further improved the saving of your table sortings / filters / pages.
Let us know about any small, annoying things that need fixing - we're committed to implementing the fixes fast.