A blog about GRC (Governance, Risk Management, and Compliance)

A compliance planning tool gives information security managers an automatic plan

Wednesday, 01 May 2019 / by Jakob Holm Hansen

There used to be many unknown factors for information security managers to take into account when implementing and maintaining a security standard. That is no longer the case. A compliance planning tool creates a well-arranged plan for the compliance work and automatically combines all the tasks in a single annual plan.

When the information security manager is asked to implement a new security standard, a number of questions immediately arise.

At what level should the security standard be implemented? Is the organisation merely supposed to comply with some general guidelines, is it supposed to comply with all the main provisions, or is certification the aim? Exactly what tasks will have to be carried out, and how can these tasks be formulated? Who will be performing the tasks – the information security manager alone, or will a team be put together? How long will it take to implement? And how do you maintain the security standard once the implementation phase has been completed?


Automatic project and maintenance plan

To assist the information security manager, we have designed a compliance planning tool.

“It’s easy to doubt whether you are doing the right thing when implementing a security standard and managing a compliance program. One of the advantages of our tool is that it narrows down the broad scope for interpretation. The information security manager doesn’t need to make a whole lot of decisions. The solution indicates what should be done and when, so that you don't waste time doing something that isn’t necessary,” says our CEO, Jakob Holm Hansen.

Let the tool do the work

Jakob Holm Hansen uses the ISO standards as an example:

“They are written in a language that can deter even the best of us. What are they actually saying, and what does it mean? In addition, the ISO standards only describe those requirements that must be met in order to be certified according to the standard in question. However, the level of implementation is not only too sweeping for most organisations, there is also no description of how to comply with the requirements. You have to figure that out yourself.”

“The point is that previously the information security manager was responsible for formulating each individual task in the compliance programme, entering the tasks in the calendar and estimating the annual resource consumption. In our tool all this work is done automatically.”

Based on three simple questions

Our tool is a planning tool for people whose main competences are not necessarily in the field of project management. The tool helps translate something intangible into an operational plan.

The first time you log on, you are asked to answer three simple questions in a wizard:

  • Which security standard(s) do you want to implement?
  • What is your level of ambition with implementation of the standard(s)?
  • What language do you want it in?

Based on the answers, the tool automatically produces a full project plan covering both implementation and subsequent maintenance of the compliance programme in a single annual plan, which the information security manager can use in the day-to-day work.

“The project plan also serves as documentation and can be shown to the head of department, general management, the executive board, business partners, authorities and others who are interested in knowing how the organisation manages its information security. The level of interest will only grow in the coming years, as information security becomes more and more important in both private and public companies,” Jakob Holm Hansen concludes.

Our compliance tool is a planning tool that helps implement security standards, document and visualise progress and maintain a compliance programme in a single annual plan for information security.

Topics: Information Security Management, annual plan, compliance programme
