Do you have a detailed assessment of your current security level, including the company's maturity degree?
Selecting the compliance tile activates the functions of the compliance module, which then carries out the assessments for the chosen scope. The norms, policies, laws and standards in the chosen scope can be assessed using the stored questionnaires. Based on the answered questions and, where present, the linked measures, the maturity level of the requirements (controls, captures and more) is assessed. The evaluation can be supported by information from asset management.
As part of the self-assessments, a differentiated evaluation of the IT compliance status per scope is performed according to the selected standard. Resources and processes are not only associated with the scope; they can also be evaluated with regard to their maturity degree (target/actual comparison) and rated against the respective standard. A predefined questionnaire with interview questions is available for this assignment, and the questions can also be answered online.
An excerpt of the features and of the standards already available within qsec®:
- Scopes can be represented individually
- ISO 27001, ISO 27002 (2005 and 2013) completely integrated
- ISO 9001 (2008 and 2015)
- ISO 14001, ISO 20000, BS OHSAS 18001:2007 and 18002:2008, BDSG, PCI DSS and VDA protection of prototype (optional)
- VDA Assessment
The procedure enables:
- Integrated status assessment based on the Plan-Do-Check-Act methodology (PDCA)
- IT compliance assessment based on various efforts (incl. the questionnaires for the implemented rules and standards)
- Maturity assessment with target/actual performance comparison on control level
- Automatic, adjustable follow-up of controls
- Definition of IT compliance target values
- Identification of gaps
- Generating measures to achieve the IT compliance targets
General Data Protection Regulation in QSEC®
The GDPR, with all chapters and maturity level assessment questions, is already integrated into the compliance module of qsec®. In addition to the established ISO norms (ISO/IEC 27001 ff., 27019, etc.) and IT baseline security, all assessments required by the GDPR can be carried out. An existing procedure report meets all requirements for the required accountability report.
The business processes (methods) are assessed in qsec® against the evaluation criteria required by the EU GDPR (responsible party, purpose, recipient, capacity, privacy by design, privacy by default, impact analysis, order processing, approvals, contact with regulators).