Maple GRC user guide

Home 

This page will help you navigate through the app effectively by using a task sheet that lists all necessary actions required to prepare for your audit. Let's explore the features together:

1. Navigate to the Home Page:

  • The "Home" page is easily accessible at the top of the menu, located just beneath the "Dashboard" section.

2. Track Employee Progress:

  • Training Ranking: On the Home page, utilize the "Training Ranking" to monitor your employees' progress in their training programs.
  • Procedure Ranking: This feature allows you to see the completion status and progress of various procedures by your employees.

3. Choose a Department:

  • Select which department to start with by using the “Department Drop-down Menu” on the top right side of the page. It’s crucial to complete tasks for each department as each one will be audited.

4. Access One-Time Tasks:

  • Task List: In the "One Time Tasks" section, a comprehensive list of tasks is displayed. These are the tasks that need to be completed to ensure you are ready for your audit.
  • Initial Status: All tasks are initially marked as "Not Started."

5. Manage Task Status:

  • Start a Task: To begin a task, click on "Start Task." This will redirect you to the appropriate page within the app to perform the task.
  • Track Progress: After initiating a task and returning to the Home page, the task's status will update to "In Progress." You can revisit the task page at any time by clicking "Continue."

6. Completing Tasks:

  • Finalize a Task: Once a task is completed, tick the small box located on the right side of the task listing to update its status to "Done."

Reminder:

  • Don’t forget to complete the necessary tasks for each department as part of your audit preparation.

Dashboard

The dashboard is a crucial tool for monitoring your organization's cybersecurity progress. Each chart presented offers detailed insights and actionable data to help manage and improve your cybersecurity measures effectively. Below is a guide on how to navigate and understand the various components and charts included in your dashboard:

Using the "Learn More" Feature:

  • Learn More: Beneath each chart on the dashboard there is a "Learn More" link. Clicking it takes you to the page within the app that the chart's data comes from.

Accessing Help Information:

  • Help Icon: For a deeper understanding of each chart and its functionalities, click on the “Question Mark” icon. This feature provides detailed explanations about what each chart represents and how to interpret the data.

Key Charts and Their Functions:

Each chart on the dashboard is designed to provide specific insights:

1.    Implementation Progress:

·        Purpose: Tracks the progress of implementing cybersecurity controls across your organization's assets.

·        Details: Includes guidelines and status updates for each asset. Status indicators are: No, Not Started, Not Applicable, Done, Reviewing, In Progress, On Hold.

·        Visualization: Displays an aggregate view of the status of all work instructions, helping identify areas needing attention.

2.    Training Status:

·        Purpose: Monitors the completion of required cybersecurity awareness and training courses by employees.

·        Details: Indicates which employees have completed their training and who still needs to complete theirs.

·        Visualization: Provides a clear visual representation of training completion rates, pivotal for compliance and security posture.

3.    Vendor Updates:

·        Purpose: Keeps track of software, hardware, and virtual components added to your system, along with their vendor information.

·        Details: Ensures that contracts or policies are uploaded and that the Privacy Officer's contact information is provided.

·        Visualization: Shows whether vendor information is complete or incomplete, essential for maintaining reliable and secure vendor relationships.

4.    Cybersecure Canada Assessment:

·        Purpose: Offers a detailed view of the results from a cybersecurity assessment consisting of 21 questions.

·        Details: Shows the percentage of "Yes," "No," and "Not Answered Yet" responses.

·        Visualization: Assists in evaluating the effectiveness of your cybersecurity measures and highlights areas of strength and those requiring improvement.

Departmental Progress:

  • Department-Specific Charts: In addition to the overarching security charts, the dashboard also displays charts specific to each department’s progress. This allows for targeted management and improvements across different areas of the organization.

Departments

This section explains how to use the Departments page to organize your organization's structure: adding new departments, managing company members, and handling assets.

Adding Company Departments

To streamline the process of adding new departments to your organization, follow these steps:

1.    Navigate to the Identify Section:

·        Go to the menu on the left side of your screen and locate the "Identify" section.

2.    Access Department Settings:

·        Click on "Departments" within the Identify section to manage departmental information.

3.    Add New Departments:

·        To begin adding departments, click on "Add New Departments."

4.    Enter Department Details:

·        Fill in the required details for each new department you want to add. Ensure all information is accurate to facilitate effective organization management.

5.    Save Your Entries:

·        After entering the details, click on "Save" to secure the information and officially add the departments to your organization.

Adding and Managing Company Members

Expand your organization's membership efficiently through the Department section by following these steps:

1.    Access Governance:

·        Select “Governance” from the main menu.

·        Click on “Departments”.

2.    Edit Department:

·        Find the department to add members to and click the pen icon next to it.

3.    Add Member:

·        In the department's page, click on “Add Member”.

·        Select “Add New Member”.

4.    Enter Member Details:

·        Fill in the form with the member’s information.

·        Click “Save” to finalize the addition.

5.    Verify Addition:

·        Ensure the new member appears in the department’s member list.

Managing and Adding Assets

Streamline the management and addition of your organization's assets with these steps:

1.    Begin by Accessing the Departments Section:

·        In the "Departments" section, start managing your assets. Locate the pen icon next to each listed asset to make edits.

2.    Utilize the Assets Discovery Assistant:

·        On the asset editing page, click on "Assets Discovery Assistant." This AI-powered feature facilitates the process of uploading and registering all your assets simultaneously.

3.    Bulk Upload Assets:

·        Select "Bulk Upload" to add multiple assets at once. You can upload an Excel sheet containing detailed information about your assets. The system will analyze the file and automatically incorporate the assets into your system.

4.     Manual Upload for Hardware Assets:

·        If you don't have an Excel sheet ready, click "+ Add Hardware Asset" to manually enter details for each hardware item.

5.    Add Software Assets:

·        Use the dropdown menu to select and add your software assets.

6.    Repeat the Process for Other Asset Types:

·        Follow the same steps to add "hardware assets" and "virtual assets," ensuring all categories of assets are updated and managed correctly.

Uploading Your Network Diagram Files

Network diagrams are essential tools for visualizing the layout of your network infrastructure. They help in understanding virtual operations and managing assets efficiently, which is critical for enhancing security. Here’s a step-by-step guide on how to upload your network diagram files, or create one if you don’t already have one.

1.    Access the Upload Feature:

·        Navigate to the department section within your system. Look for an “Upload File” button located in the top right corner.

2.    Upload Your File:

·        Click on the “Upload File” button and select your network diagram file from your computer. Make sure the file is in a format that your system supports.

3.    Create a flow chart:

·        If you don’t have one, create one in any flow chart app (e.g. Draw.io).

·        Then save the image of your flow chart and upload it to the MapleGRC app.

Risk Management

The Risk Management Page is designed to facilitate a comprehensive understanding and management of potential risks your organization might face. Below is a detailed guide on how to use this page to manage risk scenarios, including steps to create or update incident plans.

Managing Risk Scenarios

1.    Accessing Risk Scenarios:

·        Go to the main menu and select the "Identify" section.

·        Click on "Risk Scenario". This will display a list of potential risk scenarios your organization could encounter.

·        Choose a specific scenario, for example, "Financial loss through Ransomware".

2.    Exploring Specific Risk Scenarios:

·        A video will play, providing a detailed explanation of the risk scenario. Next to the video, you will find a "Description" of the risk.

3.    Review Incident Management Plan Status:

·        Below the description, check the "Incident management plan status" which includes a link to access the respective plan.

·        Also, review details like "Optimum Investments" and "Risk at Value", which are tailored based on your company's financials.

4.    Mitigation Options:

·        On the top right corner of the page, click on "Mitigate" to start the process of mitigating the risk.

5.    Understanding the Flow of Risk Scenario:

·        Scroll down to find a diagram that explains the flow of the risk scenario, including all possibilities and each risk.

·        The diagram will show which assets are affected and the controls in place for these assets. You can also see the status of these controls and the threat probability.

6.    Reviewing Ransom Demand and Incident Plans:

·        At the bottom of the page, the "Ransom demand value" is listed along with a link labeled "here" which redirects you to the "Incident Plan" page.

Creating or Updating Incident Plans

1.    Navigate to Incident Plans:

·        Go to the "Response and Recover" section in the menu.

·        Under "Incident Management", select "Incident Plans".

2.    Review or Create Incident Plans:

·        You will find an incident plan already created for your organization tailored to the specific risk scenario.

·        Update the plan as necessary to reflect current best practices and ensure it aligns with your organization's strategic objectives.

Repeat for All Scenarios

  • Repeat steps 1 through 6 for each risk scenario listed under the "Risk Scenario" section to ensure all potential risks are managed effectively.

Risk Assessment 

To effectively manage and document risk assessments within your system, follow these steps:

1.    Navigate to Risk Management:

·        Go to the “Identify” section of your platform.

·        Click on “Risk Management” and then select “Risk Assessment”.

2.    Review Risk Assessment Table:

·        On the risk assessment page, locate the table that includes a list of risk IDs.

·        Each risk ID is associated with Risk Scenarios that were mitigated earlier.

3.    Edit Risk Details:

·        Scroll to the right within the table until you find the “Pen Icon” next to each risk ID.

·        Click on this icon to edit the respective risk.

4.    Update Risk Information:

·        In the form that appears, fill out or update the details related to the risk.

·        Ensure all necessary fields are completed to accurately reflect the risk and its mitigation measures.

5.    Save Changes:

·        Click on “Save” after editing each risk to ensure that your updates are recorded.

6.    Repeat for All Risk IDs:

·        Continue this process for each risk ID in the table to ensure all risks are up-to-date.

7.    Export Risk Assessment Report:

·        Once all risk IDs have been edited and saved, click on “Export Risk Assessment”.

·        This action will generate a report of the risk assessment, which can be used for auditing purposes or further review.

Vendor Assessment

To effectively manage and assess your vendors' compliance and certifications, follow these detailed instructions within your system's "Identify" section. This process helps ensure that all vendors meet your required security and quality standards.

Accessing Vendor Assessment

1.    Navigate to Vendor Assessment:

·        Open the main menu and locate the "Identify" section.

·        Click on "Vendor Assessment" to begin evaluating your vendors.

Adding a Vendor

2.    Add a Vendor:

·        In the Vendor Assessment section, click on “Add Vendor” to start the process of entering a new vendor into your system.

3.    Fill in Vendor Details:

·        Once you click on “Add Vendor,” a form will appear. Fill in all the necessary details about the vendor.

4.    Save Vendor Information:

·        After filling in the details, click on “Save” to add the vendor to your system.

Uploading Vendor Certifications

5.    Upload Vendor Certifications:

·        For each vendor, you will need to upload relevant certifications such as ISO, SOC2, Cybersecure Canada, etc.

·        Click on “Upload File” next to the respective vendor’s name.

6.    Select Certificate Type and Upload:

·        In the “Tag” dropdown menu, select the type of certification you are uploading.

·        Click on “Upload File” to choose the certificate file from your local system.

·        After selecting the file, ensure you click on “Save” to securely store the certificate in the vendor’s profile.

Requesting Certifications from Vendors

7.    Template for Requesting Certificates:

·        If you do not currently have the necessary certifications from a vendor, click on “Template for Requesting Certificates.”

·        This option provides you with a pre-formatted template that you can use to email vendors requesting their certifications. It also includes an attachment that should be included in the email to make your request clear and professional.

8.    Send Requests and Manage Responses:

·        Use the provided template to send out requests to all vendors from whom you need certifications.

·        Keep track of received certifications by updating the vendor profiles with the new documents.

9.    Review and Compliance Check:

·        Regularly review the uploaded certifications for validity and compliance.

·        Ensure all vendor information and certifications are up to date and follow up with vendors as necessary. 

Training

Managing and ensuring comprehensive employee training on security topics is crucial for maintaining the integrity and security of your organization. Here’s a detailed guide on how to utilize the training sections of your management system effectively.

General Training

Access and Manage General Security Training:

1.    Navigation:

·        Go to the “Protect” section on your dashboard.

·        Click on “Training” and then select “General Training.”

2.    Training Content:

·        This section is designed to train your employees on important security topics. It usually covers a set of 12 topics that each employee must go through and complete.

Policy Training

Ensure Understanding of Organizational Policies:

1.    Accessing Policy Training:

·        Within the “Training” section, you will find “Policy Training.”

·        This training is specifically tailored based on your organization’s policies to ensure employees fully understand the policies they are required to adhere to.

Training Report

Monitor and Ensure Compliance:

1.    Track Training Progress:

·        Navigate to the “Training Report” section to monitor each employee's progress.

·        It’s crucial for meeting audit requirements that all employees complete their assigned training modules.

Training Plan

Develop and Manage Annual Training Plans:

1.    Create Annual Training Plans:

·        Go to “Training Plans” and click on “Detailed Plan.”

·        This allows you to plan and schedule training activities divided into quarters.

2.    Edit Quarterly Training Plans:

·        Select a quarter and click on the pen icon to make edits.

·        Fill in the necessary details and click “Save” to update the training schedule.

3.    Publish and Document Training:

·        Once the training plan is finalized and details are set, publish the plan.

·        To document the completion of training, navigate to “Evidence” and upload the necessary proofs such as certificates or signed forms.

Certification Report

Upload and Manage Certifications:

1.    Cybersecurity Certifications:

·        If you or any of your employees have attained cybersecurity certifications, you can upload these by clicking on “Upload Certifications.”

·        This helps in keeping track of qualifications and ensuring that they are up-to-date.

Guidelines

In Guidelines you can start implementing the procedures for whatever standard you want to get certified in.

Implementing Procedures for Asset Protection

To effectively manage and secure both critical and non-critical assets within your organization, follow these detailed steps:

Initial Setup

1.    Navigate to the Protect Section:

·        Go to your menu and head to the "Protect" section, then select "Procedures".

2.    Generate Procedures:

·        Click on "Generate Procedures" to create procedures for the assets you've added under "Departments".

3.    Select Appropriate Regulation:

·        In the "Select Regulation" part, choose the Appropriate Regulation that you want to get certified in.

·        For instance, if you want to be CyberSecure Canada certified, choose "CyberSecure-Canada-L1:2021" as the standard you are implementing.

4.    Focus on Critical Assets First:

·        Start with "Critical Assets" for better prioritization and management. Click on "Critical Assets".

Procedure Implementation for Each Asset

5.    Review and Process Critical Assets:

·        Upon selecting "Critical Assets", the relevant assets will appear under "Overall Procedures". Go through each asset individually.

6.    Work Instructions:

·        Start by clicking on the work instructions for each asset. These are detailed steps aligned with the CyberSecure Canada Control.

7.    Assign Work Instructions:

·        Each work instruction, accessible via a link, redirects to a document with steps to comply with the CyberSecure Canada control. Assign each instruction to a suitable team member.

8.    Complete and Document Steps:

·        After completing the steps in the document, take a screenshot as evidence.

9.    Upload Evidence:

·        Click on "Evidence", then on "Add New Package". Follow the instructions to upload the necessary evidence files and then click on "Save".

10.   Update Status to Done:

  • Once evidence is uploaded and saved, change the status of the work instruction to "Done".

11. Repeat for Each Work Instruction and Asset:

  • Continue this process for each work instruction and for each critical asset.

Process for Non-Critical Assets

12.  Proceed with Non-Critical Assets:

  • After completing critical assets, click on "Non-Critical Assets" and repeat the same procedure.

Incident Management

Incident management is a critical component of an organization's response strategy to handle potential disruptions effectively. Here’s a step-by-step guide on how to manage incident plans and how to report an Incident using your system’s Response and Recover section.

Incident Plans

1.    Access Incident Plans:

·        Navigate to the “Response and Recover” section.

·        Click on “Incident Plans” to view, create, or modify plans.

2.    Create a New Incident Plan:

·        Within the Incident Plans section, click on “Create Incident Plan”.

·        Follow the prompts to input details about the incident scenario, response strategies, resources needed, and any other relevant information.

3.    Assign an Owner:

·        Click on “Owners” to assign responsibility for the incident plan.

·        A list of members you've added to the system will appear.

·        Choose the appropriate person to be assigned to the plan and click “Save”.

4.    Download the Incident Plan:

·        To obtain a copy of an incident plan, click on “Files”.

·        Look for the “Download Icon” next to the desired plan and click on it to download the plan to your local storage.

5.    Manage the Status of the Incident Plan:

·        Change or update the status of an incident plan by using the “Status” dropdown menu.

·        Select the current status of the plan (e.g., Active, In Review, Completed) to reflect its current state.

6.    Upload Evidence:

·        Click on “Evidence” to support the implementation or effectiveness of the incident plan.

·        Select “Add a new Package” to include new evidence.

·        Fill in the required details and upload the necessary files.

·        Once all files are added, click “Save” to update the evidence package.

Incident Report

Effective incident reporting is a critical component of an organization's incident management process. It ensures that every incident is documented, analyzed, and addressed appropriately. Here’s how to report an incident through the Response & Recover section of your system.

Steps to Report an Incident

1.    Navigate to Incident Reporting:

·        Access the “Response & Recover” section from the main menu of your system.

·        Click on “Incident Management”, and then select “Incident Response”. This section is dedicated to handling active incidents.

2.    Initiate Incident Reporting:

·        In the “Incident Response” page, locate the “Report an Incident” button. This is typically found in the top right corner of the interface.

3.    Fill Out Incident Details:

·        Once you click “Report an Incident”, a form will appear requiring details about the incident. It's important to be as thorough and accurate as possible when filling out this form to ensure a proper response.

·        After filling out all the necessary information, click on “Save” to submit the incident report.

Context

Analyzing Context

1.    Access Governance Section:

·       Navigate to the menu and scroll to locate the "Governance" section.

2.    Open Context Settings:

·       Within the Governance section, click on "Context."

3.    Use Organization Context Analyzer:

·       After uploading your files in the “Organization” section under “Files,” proceed to click on "Organization Context Analyzer." This tool will automatically analyze the files and populate the organization context for you.

4.    Edit Organization Context:

·       If adjustments are needed, click "Edit" to modify the information manually or utilize the AI-assisted features.

5.    Utilize AI for Enhanced Editing:

·        On the editing page, look for yellow stars next to some fields. These stars indicate that AI suggestions are available to assist you in refining the content.

6.    Save Your Modifications:

·        After making all necessary changes, click on the save icon to ensure that your updates are preserved.

7.    Return to Previous Section:

·        Once you have completed updating the organization context, click “Back to Context Page” to navigate back to the previous section.

Cyber Risk Strategy

To effectively manage and analyze your organization's cyber risk, follow these detailed steps:

1.    Access the Governance Section: Navigate to Cyber Risk Strategy.

·        Scroll through the menu to locate and select the "Governance" section.

·        Within the Governance options, choose "Cyber Risk Strategy."

2.    Use the Cyber Risk Management Strategy Analyzer:

·        Click on "Cyber Risk Management Strategy Analyzer." If financial documents have been previously uploaded, the tool will automatically assess your cyber risk tolerance, appetite, and capacity.

3.    Manual Input if Necessary:

·        If no financial statements are available, click "Edit" to manually input the required information.

4.    Enter Data Manually or Use AI Suggestions:

·        On the editing page, you have the option to manually fill out the data or utilize AI-generated suggestions by clicking on the "Yellow Stars Icon."

5.    Save Your Work:

·        After entering the necessary data, click the "Save Icon" next to the AI suggestions to ensure that all your modifications are preserved. This step is crucial to prevent any loss of data.

6.    Return to Previous Page:

·        Once all entries are complete, click on the "Back" button. This action takes you back to the previous page, allowing you to confirm that all changes have been saved correctly and that no information is missing.

Policy

To effectively set up and manage your organization's policies, follow these steps for each of the eight policies under the "Governance" section:

1.    Navigate to the Governance Section:

·        Scroll down to the "Governance" section and click on "Policy."

2.    Select the First Policy:

·        Begin with the "Risk Management Policy" and use this procedure for each subsequent policy.

3.    Auto-Fill Policy Details:

·        Click on the "Analyze Policy Suggestions" button to automatically populate the policy details.

4.    Edit the Policy:

·        If modifications are necessary, click on the “Pen Icon” to edit the policy manually.

5.    Utilize AI Suggestions:

·        Look for the "Yellow Stars Icon" for AI suggestions, which provide a helpful starting point for customizing the policy content to fit your specific needs.

6.    Save Each Section:

·        After editing, click on the "Save Icon" for each section to record your inputs. Ensure that no fields are left empty, as these will not be included in the final version of the policy.

7.    Generate the Policy Document:

·        Once all sections are edited and saved, click on the "Generate Policy Document" button to finalize the creation of the policy.

8.    Repeat for Remaining Policies:

·        Follow these steps for each of the eight policies to cover all governance areas.

Once all policies are created:

9.    Access Policy Manager:

·        Scroll down to the “Policy Manager” section.

10.   Preview and Review Policies:

·        For each policy, click on the “Download Button” to preview. Then, “Assign the Reviewer” to choose a company member to review the policy.

11.   Activate and Circulate Policies:

·        Click on “Activate and Circulate” to distribute the policy for all company members to read and sign.

12.   View Organizational Policy Report:

·        Click on “View Organization Policy Report” to see an overview of policy statuses and compliance.

Initiate Policy Training

13.   Start Policy Training:

·        Click on “Go to Policy Training” to initiate and circulate the training for each policy across the company.

·        This takes you to the Policy Training page, where you can start the policy training.

Statement of Applicability

Creating a Statement of Applicability (SOA) for ISO 27001 involves several detailed steps to ensure that your Information Security Management System (ISMS) is aligned with organizational needs and compliance requirements. Here is a step-by-step guide to help you fill out the SOA:

Step 1: Access SOA Template

  • Navigate to the Governance section of your platform.
  • Click on Statement of Applicability.

Step 2: Introduction

  • Purpose: Enter a brief explanation of the SOA’s role in your ISMS.
  • Example: "This Statement of Applicability (SOA) outlines the specific controls and requirements from ISO 27001 that are relevant and applicable to [Your Organization's Name] ISMS. It serves as a roadmap for implementing and maintaining an effective information security framework."
  • Click on the Save Icon to save your entries.

Step 3: Scope of the ISMS

  • Purpose: Define the scope of your ISMS, detailing the information assets, systems, and processes included.
  • Example: Include lists of departments, types of information assets, and systems covered.
  • Exclusions: Mention any exclusions with justifications.
  • Click on the Save Icon to save your entries.

Step 4: Context of the Organization

  • Purpose: Describe your organization's context, including business activities, industry, and size.
  • Example: Detail your business environment and factors influencing information security risks.
  • Click on the Save Icon to save your entries.

Step 5: ISMS Boundaries and Applicability

  • Purpose: Define the boundaries of your ISMS and the applicability of ISO 27001 controls.
  • Example: Specify the information assets and systems under the ISMS and the controls applied.
  • Click on the Save Icon to save your entries.

Step 6: Information Security Risk Assessment and Treatment

  • Purpose: Summarize the risk assessment outcomes and treatment strategies.
  • Example: List significant risks and describe the mitigation strategies implemented.
  • Click on the Save Icon to save your entries.

Step 7: Documentation and Control

  • Purpose: Describe the documentation and control mechanisms used in managing your ISMS.
  • Example: List key policies, procedures, and control management processes.
  • Click on the Save Icon to save your entries.

Step 8: Interfaces with External Parties

  • Purpose: Detail interactions with external parties and related information security controls.
  • Example: Describe controls for managing risks from suppliers, customers, and other third parties.
  • Click on the Save Icon to save your entries.

Step 9: Conclusion

  • Purpose: Summarize the key points of your SOA and reaffirm your commitment to information security.
  • Example: Reiterate the customization of ISO 27001 standards to fit your organization's needs.
  • Click on the Save Icon to save your entries.

Step 10: Review and Adjust Annex A Controls

  • Scroll to the table containing all ISO 27001 Annex A Control IDs.
  • For each control, set the Status as "Applicable" or "Not Applicable" using the dropdown menu.
  • Any status marked as "Not Applicable" must include a valid reason in the Notes section.
  • Ensure to click the Save Icon after each modification.

Step 11: Link Scenarios, Threats, and Assets

  • Click on Scenarios to view and link risk scenarios to each control.
  • Click on Threats to see associated threats and make necessary adjustments.
  • Click on Assets to review and update the list of related assets for each control.

Step 12: Final Review and Submission

  • Review all entries to ensure accuracy and completeness.
  • Confirm that all sections are saved and reflect the accurate status of your ISMS.

Assessment

When working towards certification in various standards, completing a detailed assessment questionnaire is a crucial step. This questionnaire evaluates your organization’s compliance with specific standards.

Privacy Impact Assessment

1.    Access the PIA Template:

·        Navigate to the “Assessment & Reports” section in your system.

·        Click on “Assessment”, then select “Privacy Impact Assessment.”

·        This will open the PIA template, which is designed to guide you through the assessment process.

2.    Answer the Assessment Questions:

·        The PIA template will include a series of questions tailored to identify and analyze the data protection risks associated with the activity under assessment.

·        Answer each question thoroughly, providing detailed responses where necessary to ensure a comprehensive understanding of the privacy implications.

3.    Upload Required Evidence:

·        For each question or section within the PIA, there might be a requirement to provide evidence supporting your answers.

·        Click on “Evidence” to upload documents, files, or other proofs that substantiate your responses.


4.    Save Your Progress:

·        Click on “Save” after answering questions or uploading evidence to ensure no data is lost and all information is accurately recorded in the system.

Cybersecure Canada Assessment Questionnaire

Follow these detailed steps to efficiently complete the Cybersecure Canada Assessment Questionnaire, ensuring all requirements are met and documented.

Access the Questionnaire

1.    Navigate to the Assessment & Report Section:

·        Access your system's main menu and select the "Assessment & Report" section.

2.    Open the Questionnaire:

·        Click on the "Cybersecure Canada Assessment Questionnaire" to begin the evaluation process.

Answering the Questionnaire and Adding Evidence

3.    Respond to Each Question:

·        Carefully answer each question based on your organization's current cybersecurity practices and implementation status.

4.    Attach Required Evidence:

·        For each question where evidence is requested, click on the “Evidence” button. Upload the appropriate documents or files that substantiate your answers. This step is crucial for demonstrating compliance with the Cybersecure Canada standards.

Managing Assistance and Progress

5.    Request Assistance:

·        If you encounter a question that requires further clarification or if you need expert help, click on “Add Label” and then choose “Need Assistance”. This action flags the question for further review by your team or external advisors.

6.    Mark Questions as In Progress:

·        If you are in the process of implementing the practices related to a specific question, use “Add Label” to mark the question as “In Progress.” This label helps keep track of areas that are still under development.

Finalizing the Questionnaire

7.    Complete the Questionnaire:

·        Ensure that every section of the questionnaire is completed to the best of your knowledge and capacity.

8.    Download the Report:

·        Once you are satisfied with your responses and the uploaded evidence, click on “Download Report”. This action generates a comprehensive report based on your entries, which can be used for internal reviews, compliance checks, or audit purposes.

CAIQv4 Assessment

The CAIQv4, developed by the Cloud Security Alliance, is a standardized questionnaire used to assess the security practices of cloud providers. It facilitates both self-assessments by providers and security evaluations by potential cloud customers, incorporating the latest industry feedback and security standards.

1.    Access the CAIQv4 Questionnaire:

·        Go to the "Assessment" section of your system.

·        Click on "CAIQv4". This will display a list of different questionnaires, each corresponding to a specific domain of cloud security.

2.    Select the "Audit & Assurance" Questionnaire:

·        From the list on the left side, select "Audit & Assurance". This will open the questionnaire related to audit practices and assurance processes.

3.    Answer Each Question:

·        Carefully read and answer each question presented in the "Audit & Assurance" questionnaire. Provide detailed and accurate responses to reflect your organization's practices and policies.

4.    Upload Required Evidence:

·        For each question, you may need to provide supporting evidence. Click on "Evidence" next to the relevant question.

5.    Save Your Progress:

·        After answering the questions and uploading all necessary evidence, click on "Save" to ensure that all your inputs are stored correctly.

Repeat for Other CAIQv4 Assessments

6.    Complete Other Questionnaires:

·        Repeat the steps above for each of the remaining sections in the CAIQv4 list. Each section focuses on different aspects of cloud security, such as data governance, infrastructure security, or identity management.

Downloading and Exporting the Completed Assessments

7.    Download or Export the Report:

·        Once all sections are completed, you can download or export the compiled report.

·        Click on "Download Report" to save the completed assessments to your device.

·        Alternatively, click on "Export Report" if you need to use the data in another system or format.

FSRA

The FSRA (Financial Services Regulatory Authority) audit is designed to ensure compliance with specific cybersecurity practices, which are often aligned with standards such as ISO/IEC 27001. Here’s a step-by-step guide on how to navigate and complete the FSRA cybersecurity practices audit in your system's "Assessment" section.

Steps to Complete the FSRA Cybersecurity Practices Audit

1.    Access the FSRA Assessment:

·        Navigate to the "Assessment" section of your system.

·        Click on "FSRA" to access the audit page.

2.    Review Introductory Materials:

·        On the FSRA page, you will likely find a video and a description.

·        Watch the video, which explains the FSRA's Seven Cybersecurity Practices and how they align with ISO/IEC 27001. This will give you the foundational understanding needed for the audit.

3.    Assess Compliance for Each Practice:

·        Below the introductory materials, you will find a section listing the Seven Cybersecurity Practices.

·        For each practice, look for the drop-down menu under "Conformity" and select your compliance status.

·        It’s important to assess your compliance honestly to identify areas for improvement.

4.    Provide Evidence for Each Practice:

·        Next to the conformity drop-down, there should be an option to upload evidence. Click on "Evidence".

·        Upload relevant documents, such as policies, procedures, audit reports, or compliance certificates that validate your compliance status.

·        Ensure that the evidence is directly relevant to the specific practice you are assessing.

Repeat for Each of the Seven Practices

  • Complete the assessment for all seven practices, using the same method of selecting conformity, providing evidence, and saving your progress.

Compliance Reports

The Compliance Reports are the last step before the audit. They are an internal audit to make sure you didn’t miss anything and to organize everything for your auditor.

ISO 27001 Audit

When preparing for an external audit, the internal audit is a critical step in ensuring compliance with the ISO/IEC 27001 standard. Here's a detailed guide on how to navigate and utilize the "Assessment & Reports" section for the ISO 27001 Audit:

Step 1: Accessing Compliance Reports

1.    Navigate to Compliance Reports:

·        In your system, go to the “Assessment & Reports” section.

·        Click on “Compliance Reports.”

2.    Select ISO 27001 Audit:

·        Click on “ISO 27001 Audit” within the compliance reports section to start your internal audit process.

Step 2: Purchasing and Reviewing the ISO 27001 Standard

1.    Purchase the Standard:

·        In the top left box of the ISO 27001 Audit page, find and click on “ISO.org($200)”.

·        This link will redirect you to the ISO website where you can purchase and download the ISO/IEC 27001 standard.

Step 3: Audit Progress and Implementation

1.    Audit Progress Chart:

·        Observe the chart in the top right side box to check your progress in the audit.

2.    Control Implementation and Audit Guides:

·        The page will display a table listing all controls from the ISO/IEC 27001 standard.

·        Click on “Implementation Guide” next to each control for guidance on implementing that specific control.

·        Click on “Audit Guide” for insights on how to audit that control.

3.    Audit Evidence:

·        Click on “Audit Evidence” to see what evidence is required for each control according to the ISO/IEC 27001 standard.

Step 4: Linking and Uploading Evidence

1.    Evidence Guideline in MapleGRC:

·        This will indicate which page of the app contains the required evidence.

·        Use “Link in MapleGrc” to navigate directly to the appropriate page for gathering evidence.

2.    Selecting Conformity:

·        Click on “Select Conformity” and choose the appropriate response from options like Compliant, Partially Compliant, or Non-Compliant.

3.    Uploading Evidence:

·        To create a PDF of the necessary pages, press Ctrl + P, save the PDF, and then upload it by clicking on “Evidence”.

·        Then click on “Add New Package”, fill out the details, and don’t forget to click on “Save”.

Step 5: Managing Table Navigation

1.    Navigating the Table:

·        If you need to access parts of the table that are not visible, scroll to the bottom of the page to use horizontal navigation.

·        Scroll back up after adjusting your view to continue updating the necessary details.

Finalizing the Audit

1.    Review and Save:

·        Ensure all entries are accurate and that all evidence is correctly linked and documented.

·        Save your progress frequently to avoid data loss.

2.    Final Review:

·        Perform a final review to ensure that all aspects of the audit are complete and compliant before the external audit.

CyberSecure Canada Audit

To ensure your organization is fully prepared for a CyberSecure Canada audit, follow this step-by-step guide to fill out the compliance report in the Assessments & Reports section of your application.

Accessing the Compliance Report

1.    Navigate to the Compliance Report:

·        Go to the main menu and select “Assessments & Reports”.

·        Click on “Compliance Report”.

2.    Select the CyberSecure Canada Audit:

·        Within the Compliance Report section, find and click on “CyberSecure Canada Audit”.

Understanding and Using the Standard

3.    Download the CyberSecure Canada Standard:

·        To better understand the standards and how to map controls to the evidence, click on “Download Here” to obtain the official CyberSecure Canada Standard document.

Filling Out the Audit Table

4.    Review the Audit Table Structure:

·        The table is divided by grey sections representing different areas of the standard, such as “4.1 Leadership”. Each section corresponds to specific parts of the CyberSecure Canada Standard.

5.    Understand Each Control:

·        For each control, note the “ID” and “Title”. This helps in identifying what specific requirement or control the evidence needs to support.

6.    Provide Evidence Location:

·        For each control, provide guidance on where the evidence can be found within your application. This might include a description like “Evidence Guideline MapleGRC” followed by a direct link to the evidence.

7.    Select Conformity Status:

·        Click on “Conformity” for each control. Choose “Conform” if your practices are in line with the standard. If not, select the appropriate status that reflects your situation (e.g., "Non-Conformity", "Minor Non-Conformity").

8.    Upload the Evidence:

·        For each control, click on “Evidence” and upload the required documents, such as screenshots or PDF reports, that provide proof of compliance.

Repeat for All Controls

9.    Complete Each Control:

·        Repeat steps 5 to 8 for each ID in the table. Ensure that every control listed in the CyberSecure Canada Standard is addressed and documented with appropriate evidence.

Final Steps Before the Audit

10.    Review Your Entries:

·        After filling out the table for all controls, review your entries to ensure everything is accurately documented and that all evidence accurately reflects your compliance status.

11.    Prepare for the Audit:

·        Once you have completed the compliance report and uploaded all necessary evidence, you are ready for the CyberSecure Canada Audit.


PCI DSS

To start the PCI DSS assessment, follow these structured steps:

1.    Accessing the PCI DSS Assessment:

·        Navigate to the "Assessments" section within your dashboard.

·        Click on “PCI DSS” to access the specific assessment area for Payment Card Industry Data Security Standard (PCI DSS).

2.    Review the List of Audits:

·        On the right side of the page, you will see a list of audits that are required to be completed as part of the PCI DSS compliance process.

3.    Understanding the Audit Structure:

·        Control ID Table: Look for a table on the left side that displays the “Control ID” for each security control. This ID is crucial for identifying and referring to specific controls during the audit.

·        Tools Section: Next to the Control ID table, in the “Tools” section, there are links provided. These links will redirect you to documents containing detailed instructions for implementing and evaluating the controls.

4.    Uploading Evidence:

·        After you have followed the instructions for a control, navigate to the “Evidence” button.

·        Upload the required evidence that verifies the implementation and effectiveness of each control.

5.    Repeat for Each Audit Item:

·        Repeat the process of reviewing instructions, implementing controls, and uploading evidence for each audit listed on the right side.

NIST 800-53

To begin the NIST 800-53 assessment, follow these steps:

1.    Accessing NIST 800-53 Assessment:

·        Navigate to the "Assessments" section.

·        Click on “NIST 800-53” to open the specific assessment dashboard.

2.    Reviewing the List of Audits:

·        On the right side of the dashboard, you will see a list of audits that need to be completed.

3.    Understanding the Audit Structure:

·        Control ID Table: On the left side, there will be a table displaying the “Control ID” for each security control.

·        Tools Section: Next to the Control ID table, in the “Tools” section, you will find links. Click these links to access documents with detailed instructions for implementing and assessing the controls.

4.    Uploading Evidence:

·        After implementing the controls as per the instructions, click on “Evidence”.

·        Upload the required evidence that demonstrates compliance with each control.

5.    Repeat for Each Control:

·        Repeat the above steps for each item listed in the audit list on the right side.

Organization

Profile

Here’s how you can use uploaded data to update and refine your organization's profile efficiently:

1.    Review Uploaded Data:

·        After uploading your documents on the "Files" page, scroll up to leave that page.

·        Click on the "Profile" page in the “Organization” section to view the information.

2.    Automatic Data Population:

·        Observe that the data from the uploaded files has automatically populated most of the fields under “Organizational Details.”

3.    Edit Organizational Details:

·        If you spot any inaccuracies or if updates are necessary, click on "Edit" located at the top right corner of the page.

4.    Refine Details with AI Assistance:

·        As you edit, look for fields marked with little yellow stars.

·        Clicking on these stars will prompt the AI to provide suggestions, helping you refine your organizational information effectively.

5.    Save Changes:

·        Once you have made all necessary modifications, click “Back.”

·        Your changes will be automatically saved, ensuring that your organizational profile is updated and accurate.

Users

In “Organization”, click on “Users”. On this page you can add members by clicking on “Invite/Add members”.

1.    Accessing Users:

·        Navigate to the "Organization" tab.

·        Click on "Users" to open the user management page.

2.    Adding Members:

·        Click on “Invite/Add members” to add new members to your organization.

·        Fill out the necessary details in the provided form.

·        Click "Save" to add the member to your organization.

3.    Analyzing Organizational Members:

·        If you previously added your website in the profile, you can click on “Analyze Organizational Members”.

·        This function will analyze the website and identify potential members.

4.    Suggested Members:

·        After the analysis, check the “Suggested Members” section.

·        Here, you will find a list of potential members who are available on your website but have not yet been added to your organization.

 
Standards and Regulation

To incorporate specific standards and regulations into your organizational processes, follow these detailed steps:

1.    Access the Organization Section:

·        In your application menu, scroll to the bottom and click on "Organization."

2.    Navigate to Standards and Regulations:

·        Within the Organization section, select "Standards and Regulations."

3.    Initiate Addition of New Standards:

·        Click on "Add Standard and Regulations" to start incorporating new standards into your organization.

4.    Select the Standard:

·        From the drop-down menu that appears, select the standard you want to follow. Add this standard to begin aligning your processes with this regulation.


5.    Assign Owners for Each Standard:

·        For each standard you add, select an owner who will be responsible for overseeing the implementation and compliance of that standard within your organization.

6.    Save and Apply Settings:

·        After selecting the relevant standards and assigning their owners, click on "Save" to confirm your choices and apply these settings.

Asset Inventory

Accessing Asset Inventory

1.    Navigate to Asset Inventory:

·        In the “Assessments & Reports” section, click on “Asset Inventory”. This area allows you to analyze and manage all added assets.

Analyzing Assets

1.    Review Asset Details:

·        You will see an organized table showcasing various details about each asset, including:

         ·        Departments: Which departments use the asset.

         ·        Vendor: The provider or manufacturer of the asset.

         ·        Administrator: The person responsible for managing the asset.

         ·        Criticality: The importance of the asset to the organization.

Managing Assets

1.    Editing an Asset:

·        Click on the “Pen Icon” next to any asset to edit its details.

2.    Removing an Asset:

·        To remove an asset, click on the “Bin Icon” next to the asset you wish to delete.

3.    Adding a New Asset:

·        Click on “Add Software Asset” to manually add a new asset. This functionality is applicable for Software, Hardware, and Virtual Assets.

Bulk Uploading Assets

1.    Using Assets Assistant for Bulk Upload:

·        Instead of adding each asset individually, prepare an Excel sheet with all your asset information.

·        Click on “Assets Assistant”, then select “Bulk upload”.

·        Once uploaded, all your assets will be listed under “Asset Suggestions”.

Integrating with MapleGRC App

1.    Initiating Integration:

·        Click on “Integrate with MapleGRC App”.

·        You will be presented with options to choose the platform that you use.

2.    Viewing Integrated Assets:

·        After integration, newly identified assets will appear in “Asset Suggestions”.

Request Tools

Accessing Request Tools

1.    Navigate to Request Tools:

·        In the “Assets & Reports” section, click on “Request Tools”. This page is specifically designed for requesting tools that you need added to your organization's resources.

Requesting a New Tool

1.    Initiating a Tool Request:

·        Click on “Request Tool” to start the process of adding a new tool.

2.    Filling Out Tool Details:

·        Fill in the necessary details about the tool you are requesting. This typically includes information like the tool's name, purpose, vendor information, and any specific requirements or configurations needed.

3.    Saving the Request:

·        Once you have filled out all the required fields, click “Save” to submit your request.

Adding the Tool to the App

  • Review and Approval:
    • After you submit your request, it will be reviewed by your organization's administrators or the relevant department. If the requested tool is deemed necessary and viable, steps will be taken to add it to your app.
  • Integration:
    • If the tool is not currently available in your app and is approved for use, it will be integrated into your app's toolkit, allowing for broader accessibility and functionality.

Asset Analysis

Navigating to Asset Analysis

1.    Accessing Asset Analysis:

·        In the “Organization” section, click on “Asset Analysis”. This will take you to the overview of asset compliance and readiness.

Understanding the Asset Analysis Interface

1.    Analyzed Assets:

·        Located at the top right side of the page, this box displays the number of assets that have been analyzed in accordance with the chosen regulation.

2.    Pending Assets:

·        On the left side, this area lists assets that are awaiting analysis. These are the assets that have not yet been evaluated for compliance with specific controls.

Initiating Asset Analysis

1.    Requesting Asset Analysis:

·        Click on “Request Asset Analysis” to start the evaluation process for the assets listed under "Pending Assets".

·        After clicking, the list of these assets will appear on the right side of the screen.

Viewing Asset Support for Controls

1.    Asset Support Evaluation:

·        Go through the list. Next to each asset, check the “Support Control” status, which indicates whether the asset can support the control (Yes/No).

Handling Non-Compliant Assets

1.    Addressing Gaps with Upgrades:

·        If “Supports Control” shows “No”, indicating a gap, look for an “Upgrade” option beneath it. This option will detail if there is an upgrade available that can enable the asset to support the control, including the cost per user per year for upgrading.

2.    Considering Replacement Options:

·        If upgrading is not feasible, check for “Replacement Options”. Under “Alternative”, it lists alternative assets that can support the control if the current asset cannot.

3.    Identifying Lack of Tools:

·        Sometimes, you might find a yellow bubble labeled “No Tool”, which means there are no assets currently in your inventory that can cover the selected control.

Insurance

Accessing the Insurance Section

1.    Navigate to Insurance Management:

·        Click on “Organization” in the main menu of your application or system.

·        From the dropdown or list of options, select “Insurance”. This will take you to the insurance management area of the platform.

Uploading Insurance Documents

1.    Initiating Document Upload:

·        Look for and click on the “Upload Insurance Documents” button. This action will open a form or a section where you can enter details about the insurance document and upload the file.

Fill out the details, upload the document under “Files”, and when you’re done don’t forget to click “Save”.

1.    Filling Out Insurance Details:

·        Fill in the required fields in the form.

·        In the “Files” section or area, click on the upload field or button.

·        Click “Save” to finalize the upload process. This will securely store the document and the details in your system.

Evidence Manager

In “Organization”, click on “Evidence Manager”. This is where you can manage any evidence files that have been uploaded; to upload a new evidence file, click on “Add New Evidence”.

Accessing Evidence Manager

1.    Navigate to Evidence Manager:

·        Click on “Organization” in the main menu of your application or system.

·        From there, select “Evidence Manager”. This section is dedicated to managing all evidence-related files for your organization.

Uploading New Evidence Files

1.    Initiate the Upload of New Evidence:

·        Look for the button or link labeled “Add New Evidence” and click on it. This will typically open a new form or dialogue where you can input details and attach files.

2.    Filling Out Evidence Details:

·        Complete the form by entering the necessary information related to the evidence file.

·        Click “Save” to upload the evidence file to the system.

Files

1.    Access the Data Upload Interface:

·        Open the menu on the left side of your interface.

·        Scroll down to the "Assessments and Reports" section.

·        Select "Organization" and then "Files" to be directed to the correct page for data upload.

2.    Upload Your Documents:

·        Click on the “Upload File” button.

·        Upload crucial files such as your organization’s annual report, business plan, financial statements, product descriptions, and other relevant documents.

3.    Alternative Document Upload:

·        If certain documents like vision and mission statements or detailed business plans are not readily available in file form, navigate to your organization's website.

·        Convert the relevant web pages to PDF by opening each page, pressing Ctrl + P, and saving it as a PDF.

·        Upload these PDFs using the same “Upload File” button.

4.    Begin Data Analysis:

·        Once your documents are uploaded, the AI analyzer will automatically process the information.

·        This system is designed to extract key data from your files and enter it into the app, which helps in streamlining future processes and enhances data-driven decision-making.