Cyber Governance

• Privacy Compliance
• Security Compliance
• Security Assessment Questionnaires

Privacy Compliance

Overview

The Privacy Compliance module, a component of the Software-as-a-Service (SaaS) vCISO Workplace, serves as a comprehensive tool for organizations to achieve compliance with international privacy standards, regulations, and frameworks.

Key Features:

• Adherence to Multiple Security Compliance Frameworks: This feature enables organizations to comply with various frameworks like HIPAA, GDPR, ISO 27701, etc., providing flexibility across industries and regions while streamlining efforts and reducing administrative overhead.
• Compliance Status Tracking: The module allows for tracking compliance status and regulatory progress, ensuring transparency and accountability throughout the compliance journey.
• Efficient Documentation: Users can collect, organize, and document evidence for compliance audits efficiently, simplifying the audit process and ensuring readiness.

User Manual

Navigating to Privacy Compliance Module

To navigate to the Privacy Compliance Module.

• Go to Cyber Governance.
• Then Click the Privacy Compliance.

Adding Framework:

• To add a framework or standard, click the "Add Framework" button.

• After clicking the button, you will be redirected to Compliance Information. Then you can choose a framework that you would like to add.
  

• After clicking the "View More" button, there will be a pop-up which allows you to add the standard.

• The framework you have added will be available in the Manage Compliance Tab.

• If you wish to add a timeline to a specific standard, you can click the "Timeline" button.

• Set the Compliance Timeline by defining phases such as Organizational Mapping, Gap Analysis, Remediation Plan, and Assessment. Click "Update" to save changes or choose "MAYBE LATER” to add the timeline later.

• The added framework will now be reflected in the Dashboard, and progress will be updated accordingly.

• To sort it out, you may also select a specific compliance by clicking the "Select Compliance" dropdown.

Dashboard Tab

• Overall Compliance Rate: This component shows the overall compliance rate progress.

• Project Management Timeline: This component shows the Project Management Timeline phases.

Programs: This component shows what standards that you have added.

• Current Compliance: This component shows the current compliance, it also shows the completion bar of each compliance you have added. 

• Track Activity Log: This subcomponent shows the Activity logs indicating the Action, Details and the User who made the action.

Manage Compliance Tab

In this tab you will see the frameworks that have been added.

Compliance Information Tab

In this tab, you can select a framework that you wish to adhere to.

Task Management Tab

The Task Management tab provides a comprehensive view of the compliance project, allowing users to track progress, and ensure that the project is on track to meet its objectives.

• You may also choose a specific Standard by clicking the drop-down option to sort the project management timeline.

If you need further assistance, kindly contact our support at info@cytechint.com for prompt assistance and guidance.

Security Compliance

Overview

The Security Compliance Module is an essential component of our Software-as-a-Service (SaaS) CISO Workplace™, meticulously crafted to ensure organizational compliance with pertinent regulations, laws, and standards concerning data security. It facilitates the identification, evaluation, and management of information security risks while enforcing robust security measures to safeguard sensitive data.

Key Features:

• Comprehensive Framework Adherence: Our module allows adherence to multiple security compliance frameworks such as ISO 27001, NIST, PCI DSS, and AICPA TSC 2017 (SOC 2), offering adaptability across diverse industries and regions, thereby streamlining efforts and reducing administrative overhead.
• Compliance Status Tracking: Real-time tracking of compliance status and regulatory progress ensures transparency and accountability throughout the compliance journey.
• Efficient Documentation: Users can efficiently collect, organize, and document evidence for compliance audits, simplifying the audit process and ensuring readiness.

User Manual

Navigating to Security Compliance Module

To navigate to the Security Compliance Module.

• Go to Cyber Compliance.
• Then Click the Cyber Security Compliance.

Adding a Framework:

• To add a new framework or standard, click the “Add Framework” button.

• After clicking the “Add Framework” button, you will be redirected into the "Manage Compliance" tab.
  
• Then click the "Add New Framework" button.

• In the search box, type the desired framework, e.g., ISO 27001 v2022, and click “View More”.

• click the "Add Standard" button

• After adding the framework, set the Compliance Timeline, comprising four phases: Organizational Mapping, Gap Analysis, Remediation Plan, and Assessment. Adjust the start and end dates for each phase as needed. Click "Update" to save changes or select "MAYBE LATER" to add the timeline later.

• The added framework will reflect in the Dashboard along with the Timeline.

• To view the entire compliance timeline, click the highlighted framework name on the right portion.

• Customize the view by setting it to day, week, or month, and toggle the "Show Task List" accordingly.

Manage Framework:

• Navigate to “Manage Compliance” and click “View Details”.

• The framework dashboard will display.

               * Click the icon next to the section number to reveal tasks.

               * Assign tasks by selecting an assignee from the dropdown list.

               * Update task status by selecting from the dropdown list.

               * The progress bar reflects the current status set in the “Status” column.

               * Sub-sections and their details are displayed on the right side.

• To add attachments/evidence, return to “Manage Compliance”.

• To upload a document, click “Upload a Document”, located at the Manage Compliance tab.

• Select Files, choose the desired files, and click “Upload”.

• To add evidence for each sub-section, navigate to the “Attachments” tab and click “Add Evidence”.

• Select the file as evidence and click “Select File”.

• The added evidence will be displayed.

• Preview uploaded files by clicking “Eye” icon.

Dashboard Tab

• Implementation Maturity: In this section, you will find visual representations detailing the current implementation maturity or status of the framework that has been added.
  

• Progress:The progress component gives a quick overview of how much progress has been made in implementing or complying with each framework.

• Milestone Events: This component is designed to assist in monitoring and managing important milestones related to various standards or frameworks. By displaying key due dates, it helps ensure that all necessary tasks and requirements are completed on time.
  

• Compliance Timeline:In this component, it provides a visual representation of the start and end dates for each compliance initiative.

• Task Progress:This component displays the progress of tasks, and consists of three tabs that allow you to filter tasks.
  • Ongoing Tasks: This tab shows tasks that are currently in progress.
  • Tasks at Risk: This tab displays tasks that are at risk of not being completed on time.
  • Future Tasks: This tab lists tasks that are scheduled to be started in the future.
    
    

Manage Compliance Tab

In this tab you will see the frameworks that have been added.

Compliance Information Tab

In this tab, you can select a framework that you wish to adhere to.

Task Management Tab

The Task Management tab provides a comprehensive view of the compliance project, allowing users to track progress, and ensure that the project is on track to meet its objectives.

If you need further assistance, kindly contact our support at info@cytechint.com for prompt assistance and guidance.

Security Assessment Questionnaires

Overview

A Security Assessment Questionnaire (SAQ) is a tool used by organizations to evaluate the security posture of their vendors, partners, or internal departments. It typically consists of a structured set of questions designed to assess how well the entity adheres to security policies, controls, and best practices, including data protection, access management, incident response, and compliance with relevant regulations. The goal of an SAQ is to identify potential security risks, gaps, or vulnerabilities before entering into business partnerships or adopting new services, ensuring that sensitive information remains protected.

---

Navigate to the Module:

• Click on the menu icon to show all the different modules

• Under Cyber Governance, click on Security Assessment Questionnaires for Third Party.

---

How to Add a Questionnaire:

In the Security Assessment Questionnaires, click on Create Template to add a questionnaire.

For demonstration purposes, we will be using a sample questionnaire to fill in information on the SAQ.

---

Add Questionnaire Title:

To edit the title, click on the  icon.

Once a title has been filled out, click on the save icon to save any changes.

---

Add Questionnaire Section:

To add a section, first add a section title. Click on the icon to add a section title.

To save the section title, click add section.

---

Add Section Contents

• Question: This is where you write the question to be included in the assessment. The question typically aims to gather information regarding a specific security aspect, such as vendor policies, procedures, or technical safeguards. In a Security Assessment Questionnaire (SAQ), this could be anything like, "Do you have an incident response plan?" or "How do you handle data encryption?".

• Type (Text Field/Yes or No/Multiple Choice): This dropdown allows you to select the format in which the respondent will provide their answer. In the SAQ context:

  • Text Field allows for open-ended responses, where the vendor or respondent can type their detailed answer.
  • Yes or No is a binary option, where the respondent chooses between Yes or No, often used for compliance-based questions like, "Are you ISO 27001 certified?".
  • Multiple Choice offers predefined options from which the respondent can select. This could be used for questions like, "Which security framework do you follow?" with options like ISO, NIST, SOC 2.

• Input Response: This is where the respondent will provide their answer. For text fields, they type in their answer (such as describing their security measures), while for Yes/No or Multiple-Choice questions, they select from the available options.

• Required: This toggle indicates whether answering the question is mandatory. If required, the respondent must provide an answer before moving to the next section.

For this example, we will add a sample question for the questionnaire.

To save the question in the section, click Add Question as shown in the figure above.

This will then save the question and will add another question form to be added by the user.

---

Add Multiple Sections:

To add multiple sections for a questionnaire, click on the section title

Type in the section title you want to add, then click the Add Section button.

The newly added section will be added to the table of contents and questions can be added to it.

---

How to Delete a Section:

If, for example, you accidentally create a section that you didn’t intend to, or if there is a typo when creating a section, you can easily remove it. Simply click the delete button next to the section, and it will be removed immediately. This allows you to quickly correct mistakes and maintain a clean, organized questionnaire.

In this example, a section called 'wasd' was created and we want to delete it. Simply click on the trash icon where the arrow is pointing to delete the section.

---

How to Save a Questionnaire:

Once all questions and sections of the questionnaire are complete, you can save your progress by clicking the green "Save" button, as shown in the figure above. This ensures all your changes are recorded and the questionnaire is ready for future use or distribution.

The newly created questionnaire will then be saved and shown on the Security Assessment Questionnaires Dashboard as shown above.

---

Types of Questions:

• Text Field allows for open-ended responses, where the vendor or respondent can type their detailed answer.

• Yes or No is a binary option, where the respondent chooses between Yes or No, often used for compliance-based questions like, "Are you ISO 27001 certified?".

• Multiple Choice offers predefined options from which the respondent can select. This could be used for questions like, "Which security framework do you follow?" with options like ISO, NIST, SOC 2.

Conditional Questions:

For questions that have two parts, it's important to divide them into distinct sections for clarity and ease of response. As seen in the example below:

• The main question, "Does the Company have any quality certificates?", is presented as a Yes or No type of question. This is straightforward, allowing the respondent to quickly choose one of the two options.

• A follow-up question, "If yes, Specify:", is included to gather more information if the answer to the main question is 'Yes'. This is provided as a Text Field, where the respondent can input details about the certificates, if applicable.

This method ensures that respondents are not overwhelmed by unnecessary fields unless their answer requires additional input. The main question gathers high-level information, while the follow-up captures detailed specifics only when relevant.

If you need further assistance, kindly contact our support at info@cytechint.com for prompt assistance and guidance.