I’m talking about Clause 6.2 – “Information Security Objectives” and Clause 9.1 – “Monitoring, Measurement, Analysis, and Evaluation”.
Until now, we tracked our security objectives in an Excel sheet and treated the figures Eramba gave us like failed audits or expired reviews as KPIs and manually transferred them to this Excel sheet.
This is getting tedious, so I thought I’d ask other Eramba users here how they manage these two especially since Clause 9.3 – “Management Review” asks for trends for the two aforementioned clauses and my Excel sheet is getting a pain to work with.
Really looking forward to some advice from the crowd.
It is my understanding that is exactly what the ‘Goals’ Section is for under the program module. You can the record audits against those goals along with success criteria and so on. Apologies if i have misunderstood.
No, no, don’t apologize. You are absolutely right. I admit I never even noticed that section despite using Eramba since 2018
After having a look, that looks like it could take care of the Security Objectives, but I don’t see an option to visualize trends or maybe one can craft some reports to that? I will have a closer look.
Any other feedback related to Security Objectives or maybe the KPIs I mentioned initially?
I agree the suggestion from @SimonPlummer is probably the best in terms of “staying inside eramba”. However when going to your Executive Board you probably cannot click around in eramba, so a visualisation following your corporate identity is probably required.
For that I suggest a setup like this:
First come up with a “View” on the particular section of eramba, that you currently extract your KPIs from. E.g. a view called “KPI” on the “Policies” module of eramba.
Now create a new notifcation in the same module. Make it a “Report”-type Notification.
When setting up the notification you can chose your view from step 1 as the source of the report.
Select CSV as your data input format.
Setup the other parameters such as frequency and recipients to your liking.
Create an Excel spreadsheet, an Access form, or a PowerBI report and import your CSV file as the data source.
Especially with PowerBI it should be easy to import multiple files over time, to indicate trends as well.
