Some organizations run their own ISMS in Cyberday based on several different requirement frameworks.
In these situations, internal auditing separately for each framework can become an unnecessarily heavy process.
Now Cyberday also supports a operating method where audits can be targeted at selected Cyberday themes. In this way it is possible to audit, for example, 4 themes per year and achieve full coverage (12/12) for the internal audit of the ISMS every 3 years. 👍
We're going to be investing more and more on better help and support materials, which will guide you forward in your Cyberday usage, no matter if you're just getting started, already nicely running or an advanced ISMS admin looking for continuous improvement.
To support this, we renewed the concept in Cyberday Academy a bit. All Academy content is now categorized under topics like "risk management", "ISO 27001", "personnel security" or "getting started", so you can find just the right collection of different kind of materials you need. We also added an own left menu for the Academy, so you can easily navigate to all content. Menu lists the topics, but also the different content formats - help articles, video courses and blog articles. Academy will now regularly start getting new content updates.
So choose your topic or preferred learning type, and start learning with us. 🎓
We improved the usability of embed-type reports (e.g. privacy notices), which are designed to be embedded into your public websites to serve customers / other stakeholders publicly.
Now e.g. the scrollbar is more clearly visible but also matches your selected theme color, so it should nicely look like a natural part of your website.
Any wishes for further improvements are highly encouraged. 👍
Our team will start maintaining a list of upcoming new security frameworks both within Cyberday app and on the Cyberday.ai website.
As a user of Cyberday, you can influence our priorities by upvoting the frameworks that are important for you with short justifications.
You can now pick files from your SharePoint environment related to all the items in Cyberday (tasks, guidelines, documentation). These can be, for example, policy documents related to the task, process drawings describing the connections of a data system, PowerPoint instructions related to staff guidelines, or contracts related to the system provider's card.
To start using the feature, you must fill in the appropriate SharePoint site information under Organization settings in the Settings-page so we know where to retrieve the files from. 👍
We work regularly to identify views that work unnecessarily slowly in Cyberday. We recently made improvements to e.g. all views listing tasks and their assurance information and the Cyber security risks table.
We are also currently developing the speed of the app's first load. Within Teams, this also affects every tab change in the application (Guidebook, Taskbook, Dashboard).
Please feel free to contact our team if you notice points that repeatedly work too "calmly". 👍
When you work e.g. on the framework tasks table, we now better remember the selected filters and sortings you have chosen. When you navigate from a table to a task and back, you can continue directly from the same view.
The same now works better also better on the general Tasks-page.
When you create a report of a single documentation item (e.g. audit), we now show more extensive information on the objects linked to it in the report.
With this, for example, a final report of an internal audit can be archived, and this one document contains e.g. more detailed information on detected non-conformities and the related improvements made.
You can now create a one-time audit report for the defined audit scope (e.g. selected chapters of ISO 27001 standard or any other framework).
This report will help the auditor clearly see the implementation info for each requirement track he's progress - which sections he has already reviewed and which not. Non-conformities can be directly created from the audit report and they will all be summarized automatically on the audit documentation card.
Now you can also disable a user ID in the user management. This works well if, for example, a user in your core team has changed jobs, but there is no replacing person recruited yet. In this situation you can remove access rights, but still understand which contents are assigned to the user who has already been deactivated.
Re-assigning content works in identical way also for previously deactivated users.
We're building a new Community-section to Cyberday, which will enable you to easily ask help from us, collaborate with your peers from similar roles / organizations and get ideas for your work from other community content!
Left menu will get a new Community-section, where everyone will a Support forum and Cyber news feed.
In addition you can customize the community for your personal preferences by joining collaboration groups that interest you the most. We're going to be first publishing some open groups and later expand this to also semi-open and closed collaboration. Collaboration groups will have their own forum section and some news will be shared directly into certain collaboration groups.
All participation on the Community-section will be possible either publicly (with your user profile) or anonymously. All content will also be connected to requirements from frameworks or sections in Cyberday, so discussions get structure and content can later on be displayed on other parts of the app also.
Our goal in this development is to enable sharing best practices and make sure you're never alone while using Cyberday. More info coming up soon. 👍
You can now also use your own Microsoft 365 credentials to log in to our browser interface.
We are developing a global quick search for Cyberday, which helps an admin to easily jump to the item he is looking for, whether it is a list, a report or any individual item (a documentation item, task or guideline).
If you wish, you can now make changes to the settings of published embed reports (e.g. privacy notices), so that the information of supplier companies is not displayed in connection with e.g. data system and data location information.
We've received a good reception for the employee incident reporting features in Guidebook.
Now we're going to expand similar possibilities. In the next phase, employees can also be enabled to report about different kind of non-conformities with the ISMS and about new data systems, which are either recenctly acquired or for some other reason are missing from the ISMS data system listing.