Modules - Compliance

Every organization must comply with standards and regulations. The Compliance module provides a set of tools that allow the company to comply with regulations and standards.

The Compliance module contains six sections:

1) Standards and regulations - allows the CISO to manage the organization's compliance with standards and regulations. CyberView will specify the organization's needs, identifying which standards and regulations the organization has to comply with.

  • The standards and regulations will be provided to the organization by the Vendor from the Vendor application.

2) My policies - allows the CISO to upload and manage the organization's own policy and controls.

  • The user will download CyberView's policy template from this section.
  • The user will fill in the template with the specific policy and upload it to CyberView.
  • The policy will be managed in the same way as any standard or regulation but will allow the user to Edit (Add/Edit/Delete Sections/Subsections/Requirements).

3) Audit review - allows the CISO to manage audit reviews.

  • Define which standards/policies and which versions are under review.
  • View the Auditor's notes and make the necessary changes (e.g. open a Task, upload files).

Auditor interface - an interface dedicated to performing audit reviews.

  • The Auditor will be able to view the standards/policies allocated by the CISO, including the change log inside a questionnaire, and leave notes on every requirement.

4) Risk surveys - allows the CISO to upload and manage risk surveys and penetration tests.

  • Uploading risk surveys or penetration tests will open a dedicated project in the Projects module where the CISO will be able to follow the progress of reducing cyber security gaps.

5) System surveys - allows the CISO to manage system surveys for the organization's Systems in the Assets module.

  • The CISO will have the option to choose between a questionnaire that CyberView provides or uploading his own questionnaires.
  • The CISO will be able to choose the system on which he wants to perform the survey from the Assets module and manage versions.

6) Supply chain - allows the CISO to manage his suppliers' "Supply chain" questionnaire.

  • The Supply chain section will allow the CISO to follow the suppliers' compliance with the "Supply chain" questionnaire.
  • The CISO will define his suppliers in the Company module and will send them a link with Username and Password to the supply chain Platform (Version 2.0) where they can fill in the "Supply chain" questionnaire.
  • The suppliers' answers will be filled in the Supply chain section. The CISO will be able to open dedicated Projects and Tasks for the supplier to complete.
  • The CISO will be able to track the suppliers' progress.

Compliance Structure

The compliance structure is built from 4 parts:

Standard list:

A standard is a repeatable, harmonized, agreed, and documented way of doing something. Standards contain technical specifications or other precise criteria designed to be used consistently as a rule, guideline, or definition.

The standard list shows all standards/regulations/policies/risk surveys/system surveys (depending on the section) of the organization.

Version:

The CISO can manage his standards by versions. Version management allows the CISO to track the organization's compliance with standards in the most accurate way for its specific current needs. Examples of version types:

  • Date - in case the organization needs to comply with standards every year or over another time period.
  • Company - in case the organization needs to comply with the standards for different companies that belong to the organization.
  • Branches - in case the organization that needs to comply with the standards has different branches in different locations.
  • Department - in case the organization needs to comply with the standards for its different divisions.

The user will be able to choose which version is the current version he will work on.

    • The user will be able to work on multiple versions simultaneously if he chooses to.
    • The latest version will be the default version if not specified by the user.

Questionnaires list:

A questionnaire is a set of requirements that the company must answer to comply with the standard.

For each Standard, the CISO will be able to manage questionnaires. The questionnaires management module will allow the user to select a specific questionnaire for a particular version.

The questionnaire structure will include a list of sections, subsections (optional), and requirements.

Section:

  • A section will include a list of requirements regarding the same subject.
  • A section can be divided into subsections.

Subsection:

  • A subsection will include a list of requirements regarding the same subject.
  • A subsection will always be a part of a list of subsections regarding the same section.

Requirement:

A requirement is a specification of what must be done to comply with a specific subject.

  • Every requirement has a title, a description (could be more than one description depending on the complexity of the requirement), and a required answer (could be more than one).
  • For each requirement, the user will be able to open new or existing Projects and Tasks.

Module flow:

  • When starting to work on a specific standard, the user will choose the current version (could be more than one) he wants to work on.

  • The user will select a specific questionnaire (could be more than one) for the version he created.

  • By pressing on the Standard name, the user will see the list of questionnaires belonging to the chosen current version.

  • By pressing the questionnaire, the user will see the list of sections, subsections, and requirements.

  • In the "My policy" section, the user will be able to add the policy inside the "Questionnaires management" or the questionnaire of the current version inside the standards.

Requirement description:

In the "Requirement description" section, you can add a description of the requirement using the following fields:

  • Title: The title of the requirement.
  • Description: The description of the requirement.
  • Additional Description?: Additional information about the requirement if necessary.

Note: The Description information field lists information that a user can add to the requirement. It has no limit and is not required.

Answers:

The Answers section will specify how a user answers inside the requirement.

  • In the "My policy" section, a user will choose the response necessary to comply with the requirement.
  • There is no limit to the number of questions that a user can add to the requirement.

For each Answers Type, you can add the following fields:

  • Label: The answer required.
  • Input Type: The type of input that the Answers Type will have, chosen from the following options:
    • Textarea: A textarea input.
    • Select: A select input.
    • Checkbox: A checkbox input.
    • Radio: A radio input.
    • Switch: A switch input.
    • Date: A date input.

Note: The user can specify the options inside the select, checkbox, radio, and switch inputs if relevant.

Other Modules Integration:

Each requirement can integrate into the following modules:

  • Tasks: The user can assign tasks to the requirement.
  • Projects: The user can assign projects to the requirement.
  • Risks: The user can set risks to the requirement.