RESPONSUM offers the tools to guide your security governance and compliance with one or more Standards and Frameworks. It allows you to manage your risks and define what mitigating measures are in place to lower those risks.
Pre-requisites to get started
- Security management must be included in your RESPONSUM license
- Full access as a “power user” type user
- Access as a “promoted user” type user with specific permissions for the “Security” sub-modules at permission level “Editor” or higher
Fast-track to Brilliance
- Use the “Standards & Frameworks” module and/or our Excel importer to input the framework(s) you want to comply with
- Create controls related to each standard/framework
- Use control requirements to link defined controls across standards/frameworks together if they are mitigated in a similar way
- Control requirements will reference other related sub-modules:
  - Risk Register
  - Evidences
  - Mitigations
Step-by-step guidance
Find an explanation below for the purpose and use of every security management related sub-module:

Standards & Frameworks
This sub-module gives you an interactive overview of the various standards & frameworks you manage within RESPONSUM and shows you their controls. It allows you to add new items, update existing items and move controls under different sub-sections of a standard/framework.
Controls
Gives you a regular, customizable list view of all controls related to all standards & frameworks. You can click through on any control to get its full details, along with a roll-up of further details and linked items that have been provided on the linked “Control requirement”.
As this view is easily filterable and has a reference to the control applicability status, it acts as your statement of applicability for a specific standard/framework listed.
Control requirements
Control requirements link directly to one or more controls, which lets you link controls across standards/frameworks together when they are mitigated in a similar way. Each control should have at least one control requirement linked, as some information shown on a control (such as the linked risks, mitigations, assets, evidences, tasks and processes) is shown through the linked control requirement.
A control requirement can consist of:
- A name
- A reference back to the “Satisfied control” (Link to one or more “controls”)
- An applicability status
- The option to link any “Evidence” entries that are relevant
- The option to link any “Risk” entries from the risk register that are relevant
- The option to link any “Mitigation” entries directly if not linked through a risk already
Evidences
Allows you to store any evidence of checks conducted and link them to control requirements. An evidence entry can consist of:
- A name
- A selected owner
- A review interval
- One or more uploaded evidence files
- A clarification text field
Security assets
A security asset lets you register any IM system, Vendor, Process… (any other sub-module) as an “Asset” and link it to a control requirement.
If you have any further questions around security management, feel free to reach out to support@responsum.eu.