Currently the Eramba Goals feature is the only part of the product that could be used to track program metrics, something that ISO 27001:2022 requires in section 9.1 Monitoring, measurement, analysis and evaluation.
If instead of adding new functionality to the product, you added new fields that could capture these program metrics in the audit of the goal such as:
Goal
Current Value
(then calculate the change from the prior audit’s current value to show either improvement or deterioration of your effort to achieve the goal and display this on the goal audit display as a derived value similar to how you show risk from derived calculations)
Current value could be configured to either store an ordinal number or a percentage. Goal could also be an ordinal number or a percentage, such as a goal that 95% of backups are successful; this allows your program to actually exceed your goals.
If you open the values for these fields to be updatable over an API, the current value could be automatically fed into Eramba from third-party software.
iso says you need to define whatever it is you want to measure, but the following two must be for sure:
including information security processes and controls
that in eramba is reviewing policies and testing controls, both modules have statuses which can trigger any kpi you want based on any condition you want … the status produces charts as the ones shown below.
we use dynamic status and charts over time to track any kind of kpi in any module. for example the following chart comes from the third party module, which inherits status from the online module … when assessments on third parties are not ok, they affect third parties status and that is used to produce this chart.
the same can be done with your goal section, if you look at the demo (the one on the website) someone configured something like this:
goals are linked to all key modules in eramba (see below), so for example, if you define a kpi on the internal control module that affects a goal then you can inherit that status on the goal itself and then produce a chart that shows your goal status over time (that goal status can be anything, in the end it is a dynamic status)
yes, of course we could open apis to that section. PUTs there will update fields which will update dynamic status with your kpis that will show charts as above. if you need this let us know.