
Security Vision Compliance Management

Product
The name of the base system (platform): Security Vision Specialized platform for automating information security processes
Developers: GC Intelligent Security (Security Vision Brand)
Date of the premiere of the system: 2024/03/05
Technology: BI

Main article: Definition of Business Intelligence

2024: Announcement of Security Vision Compliance Management

On March 5, 2024, Security Vision announced the release of the Compliance Management product on the Security Vision 5 platform.

According to the company, the product "Compliance Management" is a professional solution for conducting assessment processes. The capabilities of the product include not only compliance checks, but also the prompt assessment of a group of employees in any area of interest of the company (for example, in the context of completing awareness-raising tasks).

Security Vision Compliance Management implements standards verification tools for both the organization as a whole and its individual elements, such as information systems, business processes, premises, and other enterprise assets. The system provides flexibility in selecting an evaluation method based on either standards from the examination package or its own evaluation method. Using the platform's capabilities, the evaluation process can be automated. This reduces the number of routine operations, allowing more efficient collection and processing of information in a single window.

Key Product Capabilities

Maintaining a register of requirements standards

The product contains the most commonly used standards and frameworks as of March 2024, such as FSTEC Orders No. 17, 21, 31, GOST 57580, ISO 27001, NIST and others. In addition, the user can form corporate standards by adding their own requirements or reusing requirements from existing standards. Requirements are grouped by domain to facilitate analysis, and the general view of the document can be customized both visually and functionally. A standard can be uploaded to the system from a file and, if necessary, exported to a file for ease of working with requirements.

The user is not limited in the number or functionality of the standards and surveys, of any configuration, that can be created in the system, while the knowledge base of out-of-the-box standards is constantly maintained and supplemented through regular updates.

The standard has a status model that provides the procedure for updating and transferring outdated documents to the archive.

A rating scale is set up for the requirements and answer options are established, while it is possible to flexibly add answers and their weights for each specific question or requirement, which allows you to apply an individual methodology for calculating the result for any number of answer options.

Assets and protections

The system allows you to load the resource and service model of the enterprise, including products, business processes and information systems, detailing them into technical elements such as servers, premises and equipment. Loaded assets can be associated with security measures to automatically obtain a company-wide compliance assessment.

The product provides a knowledge base of protection measures (NOS FSTEC), as well as the ability to create user-defined measures. Measures have a status model that allows you to clearly assess the current and planned compliance of specific assets with the requirements. Requests for introducing user-defined measures, with tracking of the progress of their implementation, are also supported.

Conformity assessment

The evaluation process can be carried out both manually (filling out questionnaires) and in an automated format: measures to protect specific assets are taken into account, as well as the results of previous assessments.

The evaluation process can be carried out both for the enterprise as a whole and for specific systems, in particular, with a visual representation of the progress of work.

The assessment can be carried out both completely online and partially offline (compilation of questionnaires, assessment methods, formation of standards, the information collection stage), which is useful for working with remote locations.

Flexible questionnaire model

One of the main mechanisms for clarifying and collecting information during the assessment process is automated generation of questionnaires. Questionnaires can be delegated to different departments and different performers (you can send a questionnaire for one object to different employees for a more complete picture), their status and progress of filling are monitored. In this case, the auditor will see the degree of compliance of the evaluation object with the expected level in real time. The questionnaire has a lifecycle that provides for checking its completion by the auditor and sending it for revision if necessary. There is an automatic mechanism for validation and consolidation of data into a single integral assessment of the object's compliance with the requirements.

The process of filling out the questionnaire can be customized for the personal assessment methodology (adding approval steps, collecting and receiving data, etc.).

The product notifies users of all significant changes in the system (receiving a questionnaire to fill out, tasks for execution). You can configure scheduled notifications. Notifications are delivered both internally and externally (e-mail, Telegram). It is possible to create custom notifications using HTTP services, mail services, files, and databases.

As a result of the operation of the module, the system itself will summarize all the received data in a single scorecard of the evaluation process and prepare a template of an action plan to bring the evaluation object in line with the expected result or requirements of the standard.

Target Action Plans

The evaluation process allows you to automatically identify outstanding requirements (those that apply to the object being analyzed), separate them into a separate document, and generate a plan of measures to implement them. The system allows you to create tasks for implementing fixes and protection measures and to monitor their implementation in external systems.

The task mechanism for implementing protection measures makes it possible to track compliance with deadlines for taking tasks into work and for completing them, reassign those responsible, and accept tasks or send them back for revision. The life cycle of tasks can be customized.

When performing tasks for implementation of corrections and protection measures, all changes are automatically reflected on assets of the resource-service model and are subsequently taken into account during regular assessment.

Two-way integration with service desk (SD) systems (JIRA, NAUMEN, OTRS) is implemented, which allows you to synchronize tasks between the modules and an external system. It is possible to create an integration with any necessary external system.

Analytical Engine for Visualizing the Degree of Compliance

One of the important parts of Security Vision Compliance Management is the visualization module, which allows you to consolidate the received information and analyze all components of the assessment process. Several predefined dashboards are provided in the product, including an interactive map that shows an integral compliance assessment for each of the distributed organizations. The BI analytics functionality in dashboards allows you to implement various visualization options in the necessary sections (by organizations, evaluation objects, standards). Dashboards and widgets support drill-down functionality for detailed analysis of displayed data.

Report Library

Express reports are available from resource and service model objects, standards, evaluation processes and questionnaires, as well as pre-configured general reports on various data slices. The product provides the ability to customize reports: built-in platform mechanisms allow you to create custom reports in no-code mode and configure automatic generation of reports on a schedule. Reports can be sent through various channels, including email, file shares, Telegram and others.