
Berichte für das Risikomanagement/en: Difference between revisions

From HITGuard User Guide
Isan (talk | contribs)
Page created: "HITGuard offers the possibility of generating various risk management reports under "Risk management → Reports"."
Isan (talk | contribs)
No edit summary

(324 intermediate revisions by 3 users not shown)


HITGuard offers the possibility of generating various risk management reports under "Risk management → Reports".  
 
[[Datei:RM Berichtauswahl allgemein.png|left|thumb|900px|Report selection]]<br clear=all>
 
To create a report, first choose a type of report. Then choose which data to include in the report (e.g. risks or reviews). Most reports also have additional report options that allow further specification of the report's contents.

Knowledge bases can be made available in different languages through stored translations. For example, to generate a report with the English texts, change the language using the flag icon at the top right of the screen, next to the logout button. This loads all content for the reports in the desired language, provided that a translation in that language is available for the knowledge base.

<b>Download options:</b><br>The reports are available for download as PDF or DOCX files. Click the pink button to generate and download a report. Then choose whether the report should be downloaded as a PDF or DOCX.

Additionally, there is the option to generate and archive the reports including revision information. An archived report can be viewed, generated anew, or downloaded again by an expert under "Administration → Report archive". More information about this can be found under [[Special:MyLanguage/Berichtsarchiv | "Administration → Report archive"]].

When generating reports with revision information in the archive, there is also the option to send the report by e-mail to various recipients right away. More information about this can be found in the report archive and under [[Special:MyLanguage/Berichtsarchiv | "Administration → Report archive"]].

<b>Remembering report options:</b> Some of the report options appear in several reports. For these, the selected options are remembered within the management system and for the individual user, and are then also applied to other reports with that same option. For example, if the option "Table of contents" is selected, it will already be selected when accessing any other report page that uses this option.

<b>Licenses:</b><br>If no valid license for HITGuard is available, this will be displayed in the footer of the report! To change this, an expert or administrator has to request/upload a license under [[Special:MyLanguage/Lizenzierung | "Administration → Licensing"]].

The following reports are offered in the risk management section of HITGuard:
 
== <span id="hazard_sit"></span> Risks and opportunities==
===General risk/opportunity report===
In this report, details on risks and opportunities are presented. In addition, the risks and opportunities are positioned in a risk matrix according to their criticality. The measures and controls to be taken or already taken can be displayed for the individual risks and opportunities. Furthermore, the development of the risks and opportunities over time can be displayed.

<b>Caution:</b> Users with the Compliance Manager role will also see measures and controls from all other management systems.
 
Example risk management report: [[Media:Risikobericht ohne Maßnahmen mit Entwicklung.pdf | Risks without M/C details incl. temporal development]]


[[Datei:RM Berichtauswahl allgemein.png|left|thumb|901px|Report selection]]
<big><b>Generate risk/opportunity report</b></big></p>
To generate a risk/opportunity report, you have to navigate to "Risk Management → Reports → Risks & opportunities → General". There you have several options to generate the report:
# '''Risks and opportunities''': You can generate a risk/opportunity report for one or more risks. However, you can only generate reports in management systems to which you are assigned.
# '''Structural elements''': You can list all the risks and opportunities assigned to the selected structural elements.
# '''Responsible person(s)''' (compliance manager only): You can generate a risk/opportunity report in which all risks and opportunities are listed for which a specific team or a person is responsible.</p>After that, just click on the pink download button to generate the report.</p>
{| class="wikitable"
! colspan="2" | <b>Report options</b>
|-
!Table of contents
|This option determines whether a table of contents is included in the report.
|-
!Gaps
|Lists all gaps linked with the risk/opportunity.
|-
!Measures
|Dictates whether open AND/OR suspended AND/OR completed measures are printed.<br><br>Determines whether the progress overview AND/OR progress protocol AND/OR remarks are printed for the measures.
|-
!Controls
|Dictates whether active AND/OR suspended AND/OR deactivated controls are printed.<br><br>Determines whether the statistic AND/OR execution protocol AND/OR remarks are printed for the controls. Determines control executions of which status are included in the execution protocol.
|-
!Temporal development
|Lists the entries of the temporal development of the risk/opportunity in a chapter of their own.
|-
!Appendix with explanations
|Adds an appendix with various explanatory texts to the report.
|-
|}
[[Datei:RM Gefährdungslage Bericht erstellen.png|left|thumb|900px|Generate risk/opportunity report]]
<br clear=all>


===Gross-net report===
This report lists details about the development of a risk or opportunity. The focus of the report, therefore, lies on the aspect of the gross-net-risk/opportunity, which is managed with measures and controls. All to-be-implemented as well as already implemented measures and controls are listed for the individual risks or opportunities. The gross risk/opportunity as well as the possible net scenarios can be displayed separately. If desired, the development over time of the risk/opportunity can also be displayed.</p><b>Caution:</b> The measures and controls from other management systems are only visible for users with the role "Compliance manager".
 
Example gross-net-risk report: [[Media:Brutto-Netto-Risikobericht.pdf | Gross and net risk with matrices, no details for M/C]]
 
<big><b>Create gross-net report</b></big></p>To generate a gross-net report, you have to navigate to "Risk Management → Reports → Risks & opportunities → Gross-net". There you can generate the report for a selected risk or opportunity with different characteristics. Reports can only be created for risks or opportunities in management systems you are authorized for. (Compliance managers are the exception: they can generate reports for all risks and opportunities in all management systems.)</p>Click the pink download button to generate the report.
{| class="wikitable"
! colspan="2" | <b>Report options</b>
|-
!Table of contents
|This option determines whether a table of contents is included in the report.
|-
!Treatment of the current risk/opportunity
|Determines whether the measures and controls for the treatment of the current risk/opportunity are included in the report.
|-
!Gross risk/opportunity
|Determines whether the evaluation of the gross risk/opportunity is included in the report.
|-
!Treatment of the gross risk/opportunity
|Determines whether the measures and controls for the treatment of the gross risk/opportunity are included in the report.
|-
!Ability to control
|Determines whether the ability to control of the already implemented sets of measures and controls is included in the report.
|-
!Net risk/opportunity
|Determines whether the evaluation of the net risk/opportunity is included in the report.
|-
!Best case AND/OR Most likely case AND/OR Worst case
|Determines whether and which scenarios of the net risk/opportunity are included in the report.
|-
!Matrices
|Determines whether, in addition to textual information, the evaluation of the gross risk/opportunity and the scenarios of the net risk/opportunity are included in the report as images.
|-
!Measures
|Determines for the measures whether the progress overview AND/OR the progress protocol AND/OR remarks are included in the report.
|-
!Controls
|Determines for the controls whether the statistic AND/OR the execution protocol AND/OR remarks are included in the report. Determines as well whether irrelevant control executions are to be considered in the report.
|-
!Time evolution
|Lists the entries of the risk/opportunity's time evolution in a separate chapter.
|-
!Appendix with explanations
|Adds an appendix with different explanatory texts.
|-
|}
[[Datei:Berichtseite BNR.png|left|thumb|900px|Create gross-net-risk report]]<br clear=all>
 
==ESG==
Reports on fields of action can be created here. In addition to the fields of action, detailed information on the risks, opportunities and effects of the fields of action is also printed. The report can be configured with a variety of reporting options so that risks, opportunities and impacts are presented according to your needs.
<big><b>Create ESG report</b></big></p>To create an ESG report navigate to "Risk management → Reports → ESG". Then, choose the topic followed by the fields of action for which you want to generate a report, and configure it via the report options.</p>To generate the report click the pink download button.
{| class="wikitable"
! colspan="2" | <b>Report options</b>
|-
!Table of contents
|This option determines whether a table of contents is included in the report.
|-
!Fields of action without score
|If this option is selected, fields of action that do not have a score are printed in the report. Otherwise, the report only contains fields of action that have a gross and/or net score.
|-
!Tabular description
|If this option is selected, all fields of action are additionally printed in the form of a table at the beginning of the report. This is to give an overview of all fields of action selected from the list.
|-
!Content from underlying fields of action
|With this you determine whether linked risks, opportunities, and impacts from lower levels of the hierarchy are printed with fields of action from higher levels of the hierarchy.
|-
!Non-material fields of action
|If this option is selected, non-material fields of action can be included in the report.<br><br>Whether a field of action is seen as material or not is configured under "Risk management > Settings".<br><u>Example</u>: If the threshold for the financial materiality is set as 15, a field of action must have a financial materiality of 16 or higher to be included in the report, unless this option is selected. The same principle applies to the impact materiality.
|-
!Detailed description
|With this you determine whether and which details for the fields of action are to be included in the report:<p> - gaps <br>- measures incl. choice of status and details<br>- controls incl. choice of status and details (also for their executions)<br>- time evolution
|-
!Appendix with explanations
|Adds an appendix with different explanatory texts.
|-
|}
[[Datei:SA_Reports_ESG_anno.png|left|thumb|901px|Create ESG reports]]<br clear=all>
 
== <span id="prot_need"></span> Protection needs ==
In this report, the results of either one or multiple protection needs analyses are displayed. Choices can be made regarding the summary of the results as well as their details. Additionally, it's possible to add an appendix with explanations for the basis of the assessment in the protection needs analysis.
 
<big><b>Generate protection needs report</b></big></p>To generate a protection needs analysis, you have to navigate to "Risk management → Reports → Protection needs". Then, choose which protection needs analysis to generate the report for and configure this via the report options.</p>To generate the report click on the pink download button.
{| class="wikitable"
! colspan="2" | <b>Report options</b>
|-
!Extent of damage
|This option determines which resources are included in the report. The report includes all resources that have at least one evaluation of the selected extent of damage or worse.
|-
!Table of contents
|This option determines whether a table of contents is included in the report.
|-
!Summary
|If a report contains multiple protection needs analyses, this option can add a summary of all results in the form of a crosstab to the report.
|-
!Summary details
|Prints a list of all interviews included in the data basis of the report above the crosstab.
|-
!Interview results
|Adds the rationale for the assessments of the individual protection needs and the crosstab for each interview to the report.
|-
!Appendix with explanations
|Adds an appendix with different explanatory texts.
|-
|}
[[Datei:RM Schutzbedarf Bericht erstellen.png|left|thumb|900px|Create protection needs reports]]<br clear=all>
 
==<span id="gap_report"/> Gap analyses==
In this report, the results of either one or multiple gap analyses are displayed. When choosing the reviews, take note that they are limited by the chosen analysis period. An array of report options allows you to configure the reports to be displayed the way you need them.
 
Example gap report: [[Media:Abweichungsbericht Beispiel Überprüfungen.pdf | reviews without proposals ZR 5]]<br>
Example gap report: [[Media:Abweichungsbericht Beispiel Verantwortlich.pdf | responsible with proposals ZR 3]]<br>
Example gap report: [[Media:Abweichungsbericht Beispiel OrgEh.pdf | organizational unit all audit questions without proposals ZR 2]]
 
<big><b>Generate gap analysis report</b></big></p>To generate a deviation report navigate to "Risk management → Reports → Gap analyses". There, you have several options to generate such a report depending on your role:
# '''Reviews''':  This report contains all information about the selected reviews. The selection shows only reviews from the current management system in the selected analysis period (with the report options to the right).  
# '''Responsible(s)''' (Compliance manager only): This report contains all reviews the selected person(s) or team(s) is/are responsible for.
# '''Organizational unit''' (Compliance manager only): This report contains all reviews that have been created for an organizational unit. The selection shows only organizational units for which reviews exist in the current management system and within the selected analysis period.</p>
It is possible to create a report for several analysis periods. For this, change the analysis period among the report options to the right. Then, the reviews of the chosen analysis period are made available.<br><b>Caution:</b> If you select a new analysis period, the reviews from the previous ones will no longer be displayed, but will remain selected.</p>After that, click on the respective pink download button to generate the gap report.
{| class="wikitable"
! colspan="2" | <b>Report options</b>
|-
!Selection of the analysis period
|This option determines which analysis period the report elements come from.
|-
!Selection of the target score
|For reports including review questions, this option determines when they are counted as a gap. If the answer is below the set value, it is a gap.
|-
!Target score on the cover page
|Determines whether the selected target score is printed on the cover page of the report.
|-
!Table of contents
|This option determines whether a table of contents is included in the report.
|-
!Review
|Header data: if activated, all available information on the review is printed in the header data. If not, the report only shows the reviewed organizational units, beginning and end of the review, as well as the participants, if filled in.<br><br>The remaining options determine whether review remarks are printed, and whether and which graphics are included in the report (bar chart AND/OR compliance spider charts).
|-
!Review object
|Header data: if activated, all available information on the review object is printed in the header data. If not, the report only shows the name of the review object.<br><br>The remaining options determine whether and which graphics are included in the report (donut charts AND/OR scoreline).
|-
!Treatment plan by determination type
|Prints the treatment plan (meaning the measures and controls) clustered by determination type at the beginning of the report. This is only possible, if the determination type for reviews is activated in the audit management module.<br>Note: The treatment plan does not include positive determinations (model implementation).<br>Find out more on determination types [[Special:MyLanguage/Auditmanagement_Einstellungen|here]].
|-
!Tabular evaluation of review questions
|Prints an overview of the review questions and results with their answers in the form of a table. The cells containing the answers are colored as per the target score. Unnecessary review questions/results are grey. Not answered review questions/results are colorless and marked with "-". Answered information gatherings are marked with "answ.".<br><br>All OR Only positive OR Only negative:<br> Determines for the table whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.<br><br>Information gatherings AND/OR Unnecessary AND/OR Not answered:<br>Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the table.
|-
!Detailed evaluation of review questions
|Prints a detailed overview of the review questions and results with various additional information in the report.<br><br>All OR Only positive OR Only negative:<br> Determines for the detailed evaluation whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.<br><br>Information gatherings AND/OR Unnecessary AND/OR Not answered:<br>Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the detailed evaluation.<br><br>Answer AND/OR Justification AND/OR Description AND/OR Protection targets AND/OR Measures & controls:<br>Determines the inclusion of these elements in the detailed overview of the review questions/results.<br><br>Move to appendix:<br>If this option is selected, the detailed evaluation of the review questions and results is moved from the main body of the report into the appendix.
|-
!List attachments/evidences
|Prints the file names of attachments/evidences in the report.
|-
!Embed image attachments
|Image files (.jpg or .png) attached to review questions and/or review results are also embedded in the report as images. The file names of the respective images are printed below them. If available, the timestamp of the capture is also printed. Consequently, the file size of the report is larger and generation can take a little longer.
|-
!Attachments/evidences as zip-file
|The report is downloaded in a zip-folder along with any attachments/evidences. Links are listed in a .txt file.
|-
!Appendix with explanations
|Adds an appendix with different explanatory texts.
|-
|}
[[Datei:RM Abweichungsanalysen Bericht erstellen.png|left|thumb|900px|Create gap analysis report]]<br clear=all>


==<span id="conf"></span> Conformity==
[[Datei:RM Konformität auswahl.png|right|thumb|650px|Choose conformity type]]
Here, you can generate reports to show the conformity with a standard or norm as well as the results of gap analyses.</p>These reports show a distinct average score for each requirement or norm chapter.<p>Weightings of review questions are not considered.
====Evaluation by standards and norms:====
Review questions mapped to chapters of standards and norms are considered for the calculation of score values. These can be answered in reviews. Review questions from various reviews can populate this evaluation. Review questions can be mapped to all chapter levels.<p>Example: ISO 9001 chapter 6 Planning, which consists of 3 subchapters.
*Chapter 6 Planning (<b>Score = 2.85</b>)
**Review question 1: Score = 2
**Review question 2: Score = 2
**Score for calculation: (2 + 2) / 2 = 2
*6.1 Measures for the handling of risks and opportunities (Score = 4)
**Review question 3: Score = 3
**Review question 4: Score = 5
**Score for 6.1: (3 + 5) / 2 = 4
*6.2 Quality objectives and planning to their achievement (Score = 4)
**Review question 5: Score = 4
**Score for 6.2: (4) / 1 = 4
*6.3 Planning of Changes (Score = 3)
**Review question 6: Score = 3
**Review question 7: Score = 3
**Score for 6.3: (3 + 3) / 2 = 3<p>
To get the score for chapter 6, first the averages of the subchapters must be calculated (4 + 4 + 3) / 3 = 3.7. Then the value is calculated with the averages of the review questions of the main chapter (3.7 + 2) / 2 = 2.85.
<p>
====Evaluation by reviews:====
The evaluation by reviews is done on the basis of the contained topics (review objects). The final score of a review comes from the averages of the individual review object results. The score of the review objects comes from the average of the contained review questions.<p>Example: Review per ISO 9001 for chapter 5 Management (Score = 3.66) and chapter 6 Planning (Score = 3.14)
*Chapter 5 Management (<b>Score = 3.66</b>)
**Review question 1: Score = 3
**Review question 2: Score = 5
**Review question 3: Score = 3
**Score = (3 + 5 + 3) / 3 = 3.66
*Chapter 6 Planning (<b>Score = 3.14</b>)
**Review question 1: Score = 2
**Review question 2: Score = 2
**Review question 3: Score = 3
**Review question 4: Score = 5
**Review question 5: Score = 4
**Review question 6: Score = 3
**Review question 7: Score = 3
**Score = (2 + 2 + 3 + 5 + 4 + 3 + 3) / 7 = 3.14
Note: For chapter 6 the same review questions were used as for the evaluation by standards and norms.
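
The two calculations above, as an added Python example (not part of the HITGuard guide or of HITGuard's own code). It reuses the seven chapter 6 scores from the page; the dictionary layout, the function names and the target score of 3 are assumptions. The page's 2.85 is reproduced only when the subchapter mean is rounded to 3.7 before the final step; without that intermediate rounding the same rule gives 2.83.

```python
from decimal import Decimal, ROUND_HALF_UP

# Conversion of Yes/No/Partial answers to scores, as stated on the page.
ANSWER_SCORES = {"No": 1, "Partial": 3, "Yes": 5}

# Chapter 6 of the page's ISO 9001 example (layout is an assumption).
CHAPTER_6 = {
    "title": "6 Planning",
    "questions": [2, 2],
    "subchapters": [
        {"title": "6.1", "questions": [3, 5]},
        {"title": "6.2", "questions": [4]},
        {"title": "6.3", "questions": [3, 3]},
    ],
}


def to_score(answer):
    """Accept a numeric score or a Yes/No/Partial answer."""
    return Decimal(ANSWER_SCORES.get(answer, answer))


def mean(values):
    """Arithmetic mean, or None for an empty sequence."""
    values = list(values)
    return sum(values, Decimal(0)) / len(values) if values else None


def rnd(value, places):
    """Round half up to `places` decimals; pass None through unchanged."""
    if value is None or places is None:
        return value
    return value.quantize(Decimal(10) ** -places, rounding=ROUND_HALF_UP)


def score_by_standard(chapter, places=None):
    """Evaluation by standards and norms.

    The mean of the subchapter scores is averaged with the mean of the
    questions mapped directly to the chapter. `places` rounds the
    subchapter mean first (places=1 matches the page's 3.7).
    """
    own = mean(to_score(q) for q in chapter.get("questions", []))
    sub_scores = (score_by_standard(c, places)
                  for c in chapter.get("subchapters", []))
    subs = rnd(mean(s for s in sub_scores if s is not None), places)
    return mean(p for p in (subs, own) if p is not None)


def all_questions(chapter):
    """Yield every question of a chapter and its subchapters."""
    yield from chapter.get("questions", [])
    for child in chapter.get("subchapters", []):
        yield from all_questions(child)


def score_by_review(chapter):
    """Evaluation by reviews: flat mean over all contained questions."""
    return mean(to_score(q) for q in all_questions(chapter))


def gaps(chapter, target_score):
    """Scores below the target score count as gaps."""
    scores = (to_score(q) for q in all_questions(chapter))
    return [s for s in scores if s < target_score]


if __name__ == "__main__":
    print("by standard, page rounding:", score_by_standard(CHAPTER_6, 1))
    print("by standard, unrounded:    ", rnd(score_by_standard(CHAPTER_6), 2))
    print("by review:                 ", rnd(score_by_review(CHAPTER_6), 2))
    print("gaps at target score 3:    ", gaps(CHAPTER_6, 3))
```

The same seven answers yield 2.85 under one evaluation and 3.14 under the other, so a conformity figure should always be quoted together with the evaluation type that produced it.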


===<span id="comp_review"/> Conformity report by reviews===
The purpose of this report is to graphically illustrate the fulfillment of the prerequisites based on individual reviews. The fulfillment of the prerequisite points is presented visually in the form of spider diagrams, pie charts or tachometers.


<big><b>Generate conformity report by reviews</b></big></p>Depending on your role there are different ways of generating this report.
# '''Reviews''': You can generate a conformity report for the selected reviews.
# '''Responsible''' (Compliance manager only): You can generate a compliance report for one responsible person or team, where all reviews assigned to this responsible person or team are listed with their respective evaluation.
# '''Organizational units''' (Compliance manager only): You can generate a compliance report for an organizational unit, where all reviews assigned in this organizational unit are listed with their respective evaluation.


Example conformity report: [[Media:Konformitätsbericht Beispiel Überprüfung.pdf|Reviews]]<br>
Example conformity report: [[Media:Konformitätsbericht Beispiel Verantwortlicher.pdf|Responsible]]


{| class="wikitable"
! colspan="2" | <b>Report options</b>
|-
!Selection of the analysis period
|This option determines which analysis period the report elements come from.
|-
!Selection of the target score
|For reports including review questions, this option determines when they are counted as a gap. If the answer is below the set value, it is a gap.
|-
!Target score on the cover page
|Determines whether the selected target score is printed on the cover page of the report.
|-
!Table of contents
|This option determines whether a table of contents is included in the report.
|-
!Review objects/questions in table of contents
|This option determines whether the table of contents also contains individual review objects/questions.
|-
!Review
|Header data: if activated, all available information on the review is printed in the header data. If not, the report only shows the reviewed organizational units, beginning and end of the review, as well as the participants, if filled in.<br><br>The remaining options determine whether review remarks are printed, and whether and which graphics are included in the report (bar chart, donut diagram, compliance spider charts). The "unnecessary" option in this position affects all donut diagrams of the report.
|-
!Review object
|Header data: if activated, all available information on the review object is printed in the header data. If not, the report only shows the name of the review object.<br><br>The remaining options determine whether and which graphics are included in the report (donut charts AND/OR scoreline).
|-
!Tabular evaluation of review questions
|Prints an overview of the review questions and results with their answers in the form of a table. The cells containing the answers are colored as per the target score. Unnecessary review questions/results are grey. Not answered review questions/results are colorless and marked with "-". Answered information gatherings are marked with "answ.".<br><br>All OR Only positive OR Only negative:<br> Determines for the table whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.<br><br>Information gatherings AND/OR Unnecessary AND/OR Not answered:<br>Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the table.
|-
!Detailed evaluation of review questions
|Prints a detailed overview of the review questions and results with various additional information in the report.<br><br>All OR Only positive OR Only negative:<br> Determines for the detailed evaluation whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.<br><br>Information gatherings AND/OR Unnecessary AND/OR Not answered:<br>Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the detailed evaluation.<br><br>Answer AND/OR Justification AND/OR Description AND/OR Protection targets AND/OR Measures & controls:<br>Determines the inclusion of these elements in the detailed overview of the review questions/results.<br><br>Move to appendix:<br>If this option is selected, the detailed evaluation of the review questions and results is moved from the main body of the report into the appendix.
|-
!List attachments/evidences
|Prints the file names of attachments/evidences in the report.
|-
!Embed image attachments
|Image files (.jpg or .png) attached to review questions and/or review results are also embedded in the report as images. The file names of the respective images are printed below them. If available, the timestamp of the capture is also printed. Consequently, the file size of the report is larger and generation can take a little longer.
|-
!Attachments/evidences as zip-file
|The report is downloaded in a zip-folder along with any attachments/evidences. Links are listed in a .txt file.
|-
!Appendix with explanations
|Adds an appendix with different explanatory texts.
|-
|}
[[Datei:RM Konformität nach Überprüfung Bericht erstellen.png|left|thumb|900px|Create conformity report by reviews]]<br clear=all>


<div class="mw-translate-fuzzy">
=== Conformity report by standards and norms ===
The purpose of this report is to graphically illustrate the fulfillment of the prerequisites in each requirement area of the standard. The fulfillment of the prerequisite items will be visually represented in the form of spider diagrams, pie charts, or tachometers. After selecting a standard, a list of applicable knowledge bases and their various versions will appear. From this, choose all knowledge bases and versions thereof which are to be part of the report's data basis.</p>For display purposes, questions answered Yes, No, or Partially are converted to scores. "No" corresponds to score 1, "Partial" corresponds to score 3, and "Yes" corresponds to score 5.</p>
</div>


<div class="mw-translate-fuzzy">
<big><b>Generate conformity report by standards and norms</b></big></p>First, the desired norm or standard must be selected for which a conformity report is to be generated. If the option "Include mapped standard chapters" is selected, the mapped standard/the mapped norm can be selected from a second list. Then, the knowledge bases to be considered in the report must be selected.</p>The selected knowledge bases form the basis for the evaluations in the report. Only knowledge bases that have a mapping to the selected standard and at least one review object (of a gap analysis) are displayed. If a review object exists in several versions, only the one with the highest version is considered. If a restriction is also made to an OrgUnit, the highest version of the review object that is linked to the OrgUnit is used. In addition, note that reviews may not be in the state "Draft" or the respective knowledge bases will also not be listed.
{| class="wikitable"
</div>
! colspan="2" | <b>Report options</b>
|-
!Selection of the target score
|For reports including review questions, this option determines when they are counted as a gap. If the answer is below the set value, it is a gap.
|-
!Selection of a time period from-to
|This option determines from which time period between a beginning and an end date the report elements are taken.
|-
!Selection of the OU
|This option determines which organizational units are considered for the report.
|-
!Target score on the cover page
|Determines whether the selected target score is printed on the cover page of the report.
|-
!Table of contents
|This option determines whether a table of contents is included in the report.
|-
!Review objects/questions in table of contents
|This option determines whether the table of contents also contains individual review objects/questions.
|-
!Only closed reviews
|With this option, only reviews in the state "Closed" are included in the report.
|-
!Report format
|Determines in which format the evaluation is displayed in the report:<br> - Tabular evaluation<br> - Tabular evaluation + graphical evaluation of the main chapters<br> - Graphical evaluation of the main chapters<br> - Graphical evaluation of the main chapters & subchapters incl. question
|-
!Detailed evaluation of review questions
|Prints a detailed overview of the review questions and results with various additional information in the report.<br><br>All OR Only positive OR Only negative:<br> Determines for the detailed evaluation whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.<br><br>Information gatherings AND/OR Unnecessary AND/OR Not answered:<br>Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the detailed evaluation.<br><br>Answer AND/OR Justification AND/OR Description AND/OR Protection targets AND/OR Measures & controls:<br>Determines the inclusion of these elements in the detailed overview of the review questions/results.<br><br>Move to appendix:<br>If this option is selected, the detailed evaluation of the review questions and results is moved from the main body of the report into the appendix.
|-
!Include mapped standard chapters
|If the selected standard/norm refers to other standards/norms via mappings, the review questions and results linked with those chapters can be included in the report with this option.
|-
!Include not applicable chapters in the statistics
|Determines whether chapters marked as not applicable in the management system are considered in the report.
|-
!Include review results
|If selected, manually created review results are also considered (meaning those not coming from a knowledge base).
|-
!Appendix with explanations
|Adds an appendix with different explanatory texts.
|-
|}
[[Datei:RM Konformität nach Standard Bericht erstellen.png|left|thumb|900px|Conformity by standard or norm]]<br clear=all>


[[Media:Risikobericht ohne Maßnahmen mit Entwicklung.pdf | Risk report Example of hazardous situations without M / K incl. development over time]]
== <span id="san"></span> Standards and Norms ==
Reports about standards and norms can be generated here.
[[Datei:RM Standards auswahl.png|left|thumb|901px|Select report for standards and norms]]<br clear=all>


[[Media:Risikobericht inkl offener M K.pdf | Risk report Example of hazardous situations incl. exposed M / K]]
The chapter applicability for the reports is calculated as follows:
{| class="wikitable"
!Scenario
!Chapter
|-
!Scenario 1:
|Chapter 1 - without measures<br>Chapter 1.1 - with a measure<br>Chapter 1.2 - with a measure<br><br>The applicability of chapter 1 is 100%, because all chapters below have assigned measures.
|-
!Scenario 2:
|Chapter 1 - with a measure<br>Chapter 1.1 - without measures<br>Chapter 1.2 - without measures<br><br>The applicability of chapter 1 is 100%. As the measure is assigned to the super-chapter, it also counts towards the sub-chapters.
|-
!Scenario 3:
|Chapter 1 - without measures<br>Chapter 1.1 - with a measure<br>Chapter 1.2 - without measures<br><br>The applicability of chapter 1 is 50%, because only half of its sub-chapters have measures assigned to them.
|}
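The three scenarios above, worked through as code. This is an added example, not HITGuard's own implementation: the <code>Chapter</code> class, its fields and the function names are hypothetical, and it assumes that a chapter marked as not applicable drops its whole subtree from the count unless the report option "Include not applicable chapters in the statistics" is active.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Iterator, Optional


@dataclass
class Chapter:
    """One chapter of a standard (hypothetical model, not HITGuard's schema)."""
    number: str
    measures: int = 0          # measures/controls assigned directly to this chapter
    applicable: bool = True    # False = marked "not applicable" in the scope
    children: list[Chapter] = field(default_factory=list)


def iter_leaves(chapter: Chapter, inherited: bool = False,
                include_not_applicable: bool = False) -> Iterator[tuple[Chapter, bool]]:
    """Yield (leaf, covered) for every lowest-level chapter that is counted.

    A measure assigned to a super-chapter also counts for all chapters below it,
    so the 'covered' state is passed down the tree.
    """
    if not chapter.applicable and not include_not_applicable:
        return  # assumption: an out-of-scope chapter removes its whole subtree
    covered = inherited or chapter.measures > 0
    if not chapter.children:
        yield chapter, covered
        return
    for child in chapter.children:
        yield from iter_leaves(child, covered, include_not_applicable)


def chapter_percentage(chapter: Chapter,
                       include_not_applicable: bool = False) -> Optional[float]:
    """Share of counted lowest-level chapters that have a measure (own or inherited)."""
    leaves = list(iter_leaves(chapter, include_not_applicable=include_not_applicable))
    if not leaves:
        return None  # nothing left in scope, no percentage can be stated
    covered = sum(1 for _, is_covered in leaves if is_covered)
    return 100.0 * covered / len(leaves)


def uncovered(chapter: Chapter, include_not_applicable: bool = False) -> list[str]:
    """Numbers of the counted lowest-level chapters without any measure."""
    return [leaf.number
            for leaf, is_covered in iter_leaves(
                chapter, include_not_applicable=include_not_applicable)
            if not is_covered]


def scenario(parent_measures: int, m11: int, m12: int) -> Chapter:
    """Constructed sample data: chapter 1 with sub-chapters 1.1 and 1.2."""
    return Chapter("1", parent_measures,
                   children=[Chapter("1.1", m11), Chapter("1.2", m12)])


SCENARIO_1 = scenario(0, 1, 1)   # only the sub-chapters have measures
SCENARIO_2 = scenario(1, 0, 0)   # only the super-chapter has a measure
SCENARIO_3 = scenario(0, 1, 0)   # one of two sub-chapters has a measure

if __name__ == "__main__":
    for name, tree in [("Scenario 1", SCENARIO_1),
                       ("Scenario 2", SCENARIO_2),
                       ("Scenario 3", SCENARIO_3)]:
        print(name, chapter_percentage(tree), "missing:", uncovered(tree))
```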
=== Statement of Applicability (SOA)===
This report shows which chapters of the standard are "applicable" or "not applicable" in the management system. It also includes the justification for each chapter's applicability and the measures and controls associated with the chapters.
*Donut charts show the number and status of assigned measures & controls. The total number of chapters in the evaluation corresponds to the number of chapters at the lowest level. If a measure or control has been assigned to a chapter, it is also assigned to all its sub-chapters. Thus, if a super-chapter has assigned a measure or control, it behaves in the same way as if all sub-chapters had assigned that measure or control.
*In the donut diagrams, the scope of the standard is taken into account. If this has been restricted, chapters marked as not applicable are not taken into account. This can be canceled by activating the option "Include not applicable chapters in the statistics".</p>
The data basis can thereby be restricted to an earlier analysis period. In this case, only measures and controls that already existed in the selected analysis period are taken into account.</p>With the option "Include mapped standard chapters", the data basis can be extended to mapped standard chapters. This means that if standard S1 has a chapter C that is mapped to standard S2 chapter C (S1.C => S2.C) and a report is generated from standard S1, the report will also include measures and controls that are mapped to standard S2 chapter C. This behavior also applies to chapters mapped from S2.C.
{| class="wikitable"
!Measures
|Green = Completed measures<br>Orange = Suspended measures<br>Blue = Open measures
|-
!Measures for chapters
|Red = Chapter without measures<br>Blue = Chapter with open measures<br>Green = Chapter with completed measures
|-
!Controls for chapters
|Orange = Suspended controls to chapters<br>Green = Active controls to chapters<br>Red = Chapters without controls
|-
|}


[[Media:Risikobericht inkl aller M K.pdf |   Risk report Example of hazard situations incl. all M / K]]
<big><b>Generate Statement of Applicability (SOA)</b></big></p>To generate an SOA, choose a standard/norm and configure the SOA via the report options. Click on the pink download button to generate the report.
{| class="wikitable"
! colspan="2" | <b>Report options</b>
|-
!Table of contents
|This option determines whether a table of contents is included in the report.
|-
!Statistic
|In the statistic, the fulfilments are determined on the basis of the total number of chapters. Only the subchapters are included in the calculation.<br>Example: A standard consists of one superordinate chapter and three subchapters. The calculation basis for the statistic is 3 (= total number of subchapters). The superordinate chapter is only used for structuring purposes.
|-
!Scope
|Determines whether the scope recorded in the standard is included in the report.
|-
!Measures and controls details
|Determines whether details for included measures and controls are printed in the report.
|-
!Linked documents
|Determines whether documents from the doc management linked with the standard or norm are printed in the report.
|-
!Include mapped standard chapters
|If the selected standard points to other standards, then the measures and controls that are related to that standard chapter will be taken into account when choosing this option.
|-
!Include not applicable chapters in the statistics
|Determines whether chapters marked as not applicable in the management system are considered in the report.
|-
!Appendix with explanations
|Adds an appendix with different explanatory texts.
|-
|}
[[Datei:RM Standard SOA Bericht erstellen.png|left|thumb|882px|Statement of Applicability]]<br clear=all>


[[Media:Risikobericht Beispiel Verantwortlich.pdf | Risk report example Responsible person(s) without suspended M / K]]
=== Management Summary ===
This report provides a management overview of the measures and controls assigned to a standard/norm:
*Donut charts show the number and status of assigned measures & controls. The total number of chapters in the evaluation corresponds to the number of chapters at the lowest level. If a measure or control has been assigned to a chapter, it is also assigned to all its sub-chapters. Thus, if a super-chapter has assigned a measure or control, it behaves in the same way as if all sub-chapters had assigned that measure or control.
*A bar chart shows the number of measures & controls by main chapters. The number is the sum of the measures or controls assigned to the main chapter and each sub-chapter below it. A measure or control assigned several times is only counted once per main chapter.
*The report takes into account the scope of the standard. If the scope is limited, chapters marked as not applicable are not taken into account. This can be canceled by activating the option "Include not applicable chapters in the statistics".</p>The data basis can thereby be restricted to an earlier analysis period. In this case, only measures and controls that already existed in the selected analysis period are taken into account.


[[Media:Risikobericht Beispiel Strukturelement.pdf | Risk report example structural elements without suspended M / K]]
Example report: [[Media:Management Summary Beispiel Bericht.pdf|Management Summary]]


<div class="mw-translate-fuzzy">
<big><b>Generate Management Summary</b></big></p>To generate a management summary, choose a standard/norm and configure the management summary via the report options. Click on the pink download button to generate the report.
'''Prepare hazard situation report:'''
{| class="wikitable"
</div>
! colspan="2" | <b>Report options</b>
|-
!Selection of the target score
|For reports including review questions, this option determines when they are counted as a gap. If the answer is below the set value, it is a gap.
|-
!Statistic
|In the statistic, the fulfilments are determined on the basis of the total number of chapters. Only the subchapters are included in the calculation.<br>Example: A standard consists of one superordinate chapter and three subchapters. The calculation basis for the statistic is 3 (= total number of subchapters). The superordinate chapter is only used for structuring purposes.
|-
!Measures and controls details
|Determines whether details for included measures and controls are printed in the report.
|-
!Include mapped standard chapters
|If the selected standard/norm refers to other standards/norms via mappings, the review questions and results linked with those chapters can be included in the report with this option.
|-
!Include not applicable chapters in the statistics
|Determines whether chapters marked as not applicable in the management system are considered in the report.
|-
!Appendix with explanations
|Adds an appendix with different explanatory texts.
|-
|}
[[Datei:RM Standard Management Summary Bericht erstellen.png|left|thumb|882px|Management Summary]]<br clear=all>


<div class="mw-translate-fuzzy">
== <span id="structural"></span> Structural analysis ==
To generate a deviation report you have to navigate to "Risk Management → Reports → Deviation Analysis". There you have several options to generate a deviation report:
Reports on RTO and RPO fulfilment can be generated here. You can find more information on RTO and RPO under [[Strukturanalyse#RTO | "Risk management → Structural analysis"]].
# Hazard locations
[[Datei:RM RTO RPO auswahl.png|left|thumb|901px|Select RTO or RPO report]]
#:* You can generate a hazard layer report for one or more hazard layers.
<br clear=all>
#:* However, you can only generate hazard layer reports in management systems to which you are assigned.
# Responsible person(s) (Compliance Manager only)
#:* You can generate a hazard situation report in which all hazard situations are listed for which a team or a responsible person is responsible.
# Structural elements
#:* You can list all the risk locations assigned to the selected structural elements.
</div>


<div class="mw-translate-fuzzy">
=== RTO-Fulfillment ===
After that, just click on the "Download Hazard Situation Report as PDF" button to generate the report.
This report shows whether or not the requirements derived from the various protection needs analyses (PNAs) for the resources can be met in terms of the maximum justifiable recovery time in each case.</p>The report can be generated without restriction to a resource. Then it is shown how well the requirements derived from all PNAs are met for all involved resources with regard to the maximum justifiable recovery time.</p>If the report is restricted to a resource (e.g., a specific hardware component), only resources that require this resource (e.g., specific applications and databases) to be able to work functionally are included in the evaluation. Only PNAs that define requirements for these resources are then considered.
</div>


<big><b>Report options</b></big>
<big><b>Generate RTO-Fulfillment report</b></big></p>To generate an RTO fulfillment report, click the pink download button.
{| class="wikitable"
! colspan="2" | <b>Report options</b>
|-
!Table of contents
|This option determines whether a table of contents is included in the report.
|-
!Statistic
|Determines whether a statistic with graphics on the degree of fulfillment and coverage is included.
|-
!Fulfilled requirements
|Determines whether identified fulfilled requirements are included.
|-
!Not fulfilled requirements
|Determines whether identified not fulfilled requirements are included.
|-
!Resources with defined information
|Determines whether resources with defined information are included.
|-
!Resources with undefined/irrelevant information
|Determines whether resources with undefined or irrelevant information are included.
|-
!Appendix with explanations
|Adds an appendix with different explanatory texts.
|-
|}
[[Datei:RM RTO Erfüllung Bericht erstellen.png|left|thumb|902px|Create RTO report]]<br clear=all>


With the report options, you can specify which status measures/controls must have in order to be listed in the report.
=== RPO-Fulfillment ===
This report shows whether the requirements derived from the various protection needs assessments (PNAs) for the resources in terms of maximum acceptable data loss can be met in each case or not.</p>The report can be generated without restriction to a resource. Then it is shown how well the requirements derived from all PNAs are met for all involved resources with regard to the maximum acceptable data loss.</p>If the report is restricted to one resource (e.g., a specific hardware component), only resources that require this resource (e.g., specific applications and databases) to be able to work functionally are included in the evaluation. Only PNAs that define requirements for these resources are then considered.


Furthermore, you can decide whether the [[Special:MyLanguage/Risikobewertung#time_dev | development over time ]] of the hazard situations is shown in the report and whether the deviations assigned to the respective hazard situation are also printed.
<big><b>Generate RPO-Fulfillment report</b></big></p>To generate an RPO fulfillment report, click the pink download button.
{| class="wikitable"
! colspan="2" | <b>Report options</b>
|-
!Table of contents
|This option determines whether a table of contents is included in the report.
|-
!Statistic
|Determines whether a statistic with graphics on the degree of fulfillment and coverage is included.
|-
!Fulfilled requirements
|Determines whether identified fulfilled requirements are included.
|-
!Not fulfilled requirements
|Determines whether identified not fulfilled requirements are included.
|-
!Resources with defined information
|Determines whether resources with defined information are included.
|-
!Resources with undefined/irrelevant information
|Determines whether resources with undefined or irrelevant information are included.
|-
!Appendix with explanations
|Adds an appendix with different explanatory texts.
|-
|}
[[Datei:RM RPO Erfüllung Bericht erstellen.png|left|thumb|902px|Create RPO report]]<br clear=all>


<div class="mw-translate-fuzzy">
<!--
[[Datei:Risikobericht auswahl.png|left|thumb|804px|Create hazard situation report]]
HITGuard offers the possibility of generating various risk management reports under "Risk management → Reports".
 
[[Datei:RM Berichtauswahl allgemein.png|left|thumb|901px|Report selection]]
<br clear=all>
<br clear=all>
</div>


== Protection needs ==
To create a report, first choose a type of report. Subsequently, choose which data to include in the report (e.g. risks or reviews). Most reports also have additional report options which allow further specification of the report's contents.
 
<b>Languages:</b><br>
Knowledge bases can be made available in different languages due to stored translations for used knowledge bases. For example, to generate a report with the English texts, the language must be changed using the flag icon at the top right of the screen, next to the logout button. This will load all content for the reports in the desired language, provided that a translation in that language is available for the knowledge base.
 
<b>Download options:</b><br>
The reports are available for download as PDF or DOCX files. Click the pink button to generate and download a report. Then, choose whether the report should be downloaded as a PDF or DOCX.
 
Additionally, there is the option to generate and archive the reports including revision information. In doing this, the report can be viewed, generated anew, or downloaded again by an expert under "Administration → Report archive". More information about this can be found under <b>[[Special:MyLanguage/Berichtsarchiv | "Administration → Report archive"]]</b>.
 
When generating reports with revision information in the archive, there is also the option to send the report by e-mail to various recipients right away. More information about this can be found in the <b>[[Special:MyLanguage/Berichtsarchiv | report archive]]</b> and under <b>[[Special:MyLanguage/Textbausteine | "Administration → Text blocks"]]</b>.
 
<b>Remembering report options:</b>
Some of the report options can be found for various reports. For these, the selected options are remembered within the management system and for the individual user, and then also applied for other reports with that same option. For example, if the option "Table of contents" is selected, then it will already be selected when accessing any other report pages that use this option.
 
<b>Licenses:</b><br>
If no valid license for HITGuard is available, this will be displayed in the footer of the report! To change this, an expert or administrator has to request/upload a license under [[Special:MyLanguage/Lizenzierung | "Administration → Licensing"]].


In this report, the results of one or more protection needs analyses are presented, as selected. Options are provided for how the results are summarized and which details are shown. It is also possible to generate an appendix with detailed explanations of the basis for the classification in the protection needs analyses.
The following reports are offered in the risk management section of HITGuard:


<big><b>Generate protection needs report:</b></big>
== <span id="hazard_sit"></span> Risks ==
===General risk report===


To generate a protection needs report, navigate to "Risk management → Reports → Protection needs". Then select the protection needs analyses for which you want to generate the report and configure it via the report options.
In this report, details on risks are presented. In addition, the risks are positioned in a risk matrix according to their criticality.  


To generate the report, click the pink download button.
The measures and controls to be taken or already taken can be displayed for the individual risks. Furthermore, the development of the risks over time can be displayed.


<big><b>Report options:</b></big>
Users with the Compliance Manager role will also see measures and controls from all other management systems.


* Include summary:
[[Media:Risikobericht ohne Maßnahmen mit Entwicklung.pdf | Risk report example of risks without M/C incl. development over time (DE)]]
::Activating this option prints a summary of all results as a crosstab in the report.


* Include summary details:
'''Generate risk report:'''
::In addition to the crosstab, the upper section of the summary lists all interviews that serve as the data source for the crosstab.


* Include interview results:
To generate a risk report, you have to navigate to "Risk Management → Reports → Risks → General". There you have several options to generate the report:  
::In addition to the crosstab of an individual interview, the justification for the ratings of the individual protection targets is printed.
# '''Risks''': You can generate a risk report for one or more risks. However, you can only generate risk reports in management systems to which you are assigned.
# '''Structural elements''': You can list all the risks assigned to the selected structural elements.
# '''Responsible person(s)''' (compliance manager only): You can generate a risk report in which all risks are listed for which a specific team or a responsible person is responsible.


* Print appendix with explanation:
After that, just click on the pink download button to generate the report.
::This report contains calculations of statistics, key figures or other content requiring explanation. An appendix with explanations is therefore generated by default. If this is not desired, this report option can be deactivated.


[[Datei:RM Schutzbedarf Bericht erstellen.png|left|thumb|904px|Create reports for protection needs analyses]]
<big><b>Report options</b></big>
 
With the report options, you can specify which status measures/controls must have in order to appear in the report.
 
Additionally, you can decide whether or not to show the [[Special:MyLanguage/Risikobewertung#time_dev | temporal development ]] of the risks in the report and whether or not to add the gaps linked with the respective risks.
 
[[Datei:RM Gefährdungslage Bericht erstellen.png|left|thumb|902px|Generate risk report]]
<br clear=all>
<br clear=all>


<div class="mw-translate-fuzzy">
===Gross-net-risk report===
== Deviation report ==
This report lists details about the development of a risk. The focus of the report, therefore, lies on the aspect of the gross-net-risk, which is managed with measures and controls.
</div>


In this report, the results of one or more reviews are presented, as selected. When choosing the reviews, note that they are limited by the selected analysis period. A variety of report options helps you configure the reports so that they are presented according to your needs.
All to-be-implemented as well as already implemented measures and controls are listed for the individual risks. The gross risk as well as the possible net risk scenarios can be displayed separately. If desired, the development over time of the risk can also be displayed.


[[Media:Abweichungsbericht Beispiel Überprüfungen.pdf |  Deviation report example Reviews without proposals ZR 5]]
<b>Caution:</b> The measures and controls from other management systems are only visible for users with the role "Compliance manager".


[[Media:Abweichungsbericht Beispiel Verantwortlich.pdf | Deviation Report Example Responsible with Proposals ZR 3]]
[[Media:Brutto-Netto-Risikobericht.pdf | Example Gross-net-risk report: gross and net risks shown with matrices, no details for M/C (DE)]]


[[Media:Abweichungsbericht Beispiel OrgEh.pdf |  Deviation Report Example Organizational Unit all audit questions without proposals ZR 2]]
<big><b>Create gross-net-risk report:</b></big>


<div class="mw-translate-fuzzy">
To generate a gross-net risk report, you have to navigate to "Risk Management → Reports → Risks → Gross-net-risk". There you can generate the report for a selected risk with different characteristics. Reports can only be created for risks in management systems one is authorized for. (The exceptions are compliance managers, who can generate reports for all risks in all management systems.)
'''Prepare deviation report:'''
</div>


<div class="mw-translate-fuzzy">
Click the pink download button to generate the report.
To generate a deviation report navigate to "Risk Management → Reports → Deviation Analysis". There you have several options to generate such a report:
# Reviews
#:* You can select and analyze multiple reviews.
#:* You can create deviation reports on reviews only in management systems to which you are assigned.
#:* When selected, only reviews of the current management system in the selected analysis period will be displayed.
# Responsible person(s) (Compliance Manager only).
#:* You can analyze all reviews for which a team or responsible person is responsible.
# Organizational unit (Compliance Manager only)
#:* You can analyze all reviews created within an organizational unit.
#:* When selected, only organizational units for which reviews exist in the current management system and in the selected analysis period are displayed.
</div>


<div class="mw-translate-fuzzy">
<big><b>Report options</b></big>
It is possible to create a report for several analysis periods. To do this, you must go through each analysis period in which you want to have checks available and select the checks. If you select a new analysis period, the checks from the previous ones will no longer be displayed, but will remain selected.
</div>  


<b>Caution:</b> If you select a new analysis period, the reviews from the previous ones will no longer be displayed, but will remain selected.
The exact structure and content of the report can be configured with the report options.
*<u>Gross risk</u>: Adds the probability of occurrence and the extent of damage of the original gross risk.
*<u>Treatment of the gross risk</u>: Adds the measures and controls intended for the treatment of the gross risk.
*<u>Ability to Control</u>: Adds the ability to control of the treating measures and controls to the information of the gross risk.
*<u>Treatment of the current risk</u>: Adds the measures and controls intended for the treatment of the gross risk.
*<u>Net risk with best/most likely/worst case</u>: Adds the probability of occurrence and the extent of damage of the selected net risk scenarios. At least one scenario needs to be selected for this.
*<u>Risk matrices</u>: Adds the matrix as an image to the textual information of the gross and net risks.
The remaining report options control the amount of details for the report's content.


<div class="mw-translate-fuzzy">
[[Datei:Berichtseite BNR.png|left|thumb|902px|Create gross-net-risk report]]
After that, click on the respective button "Download deviation report as PDF" to generate the deviation report.
<br clear=all>
</div>


<big><b>Report options</b></big>
<span id="Schutzbedarf"></span>
* Management system (Compliance Manager only)
== <span id="prot_need"></span> Protection needs ==
:: This option controls which management system the available reviews come from.
:: This also allows a deviation report spanning multiple management systems to be generated.
* Analysis period
:: This option controls which analysis period the available reviews come from.
* Target maturity level
:: This option specifies when a review question counts as a deviation. If the answer is below the set value, it is a deviation.
The remaining options specify which information about the review questions is displayed and which conditions review questions must meet in order to be shown in the report.


It is also possible to have the measures/controls linked to the review questions displayed.
In this report, the results of either one or multiple protection needs analyses are displayed. Choices can be made regarding the summary of the results as well as their details. Additionally, it's possible to add an appendix with explanations for the basis of the assessment in the protection needs analysis.


<div class="mw-translate-fuzzy">
<big><b>Generate protection needs report:</b></big>
[[Datei:Abweichungsbericht auswahl.png|left|thumb|803px|Create deviation report]]
<br clear=all>
</div>


<div class="mw-translate-fuzzy">
To generate a protection needs analysis, you have to navigate to "Risk management → Reports → Protection needs". Then, choose which protection needs analysis to generate the report for and configure this via the report options.
== Action and control reports ==
</div>


To create an action or control report, you must be a compliance manager.
To generate the report click on the pink download button. This is only possible in PDF format for this report.


<div class="mw-translate-fuzzy">
<big><b>Report options:</b></big>
In this report, the measures and controls to be taken or that have been taken are presented for each risk. It is also possible to generate reports on the status of the measures and controls mapped to a standard or to create a report for management. In this report, you receive a summary of the measures and controls mapped to a standard.
</div>


* <u>Summary</u>: Selecting this option adds a summary of all results in the form of a crosstab to the report.


[[Media:Maßnahmen- und Kontrollbericht Beispiel.pdf | Measures and control report Example]]
* <u>Summary details</u>: In addition to the crosstab, the upper section of the summary includes a list of all interviews that form part of the crosstab's data source.


[[Media:Maßnahmenbericht Norm Beispiel.pdf |  Measures report for a standard  ]]
* <u>Interview results</u>: In addition to the crosstab of an individual interview, the rationale for the assessments of the individual protection needs is added.


[[Media:Management Summary Beispiel Bericht.pdf |  Management Summary Example Report]]
* <u>Table of contents</u>: Decides whether the table of contents is printed or not.


'''Prepare action and control report:'''
* <u>Appendix with explanations</u>: This report contains calculations of statistics, key figures or other content requiring explanation. An appendix with explanations is therefore generated by default. If this is not desired, this report option can be deactivated.


[[Datei:Maßnahmen und Kontrllbericht Bericht auswahl.png|left|thumb|804px|Create measures and control report]]
[[Datei:RM Schutzbedarf Bericht erstellen.png|left|thumb|906px|Reports for Protection needs analyses]]
<br clear=all>
<br clear=all>


<div class="mw-translate-fuzzy">
<span id="Abweichungsanalysen"></span>
To generate a deviation report, navigate to "Risk Management → Reports → Measures and Controls". There you will find several options to generate a measures and controls report:
== <span id="gap_report"/> Gap report ==
# Risks
 
#:* You can generate a measures and controls report from a single risk.
In this report, the results of either one or multiple gap analyses are displayed. When choosing the reviews, take note that they are limited by the chosen analysis period. An array of report options allows you to configure the reports to be displayed the way you need them.
#:* However, you can only generate risk reports in management systems where you are assigned.  
 
#:* You have the option to include or exclude measures or controls through the reporting options.
[[Media:Abweichungsbericht Beispiel Überprüfungen.pdf |  Gap report example: reviews without proposals ZR 5]]
# Standards/Norm
 
#:* You can generate a measure, control or summary management report on a standard or norm. These reports display all measures and controls - mapped to a standard.
[[Media:Abweichungsbericht Beispiel Verantwortlich.pdf |  Gap report example: responsible with proposals ZR 3]]
</div>
 
[[Media:Abweichungsbericht Beispiel OrgEh.pdf |  Gap report example: organizational unit all audit questions without proposals ZR 2]]
 
'''Create deviation report:'''
 
To generate a deviation report navigate to "Risk Management → Reports → Gap Analyses". There, you have several options to generate such a report:
# '''Reviews''': This report contains all information about the selected reviews. The selection shows only reviews from the current management system in the selected analysis period (with the report options to the right).
# '''Responsible(s)''' (compliance manager only): This report contains all reviews the selected person(s) or team(s) is/are responsible for.
# '''Organizational unit''' (compliance manager only): This report contains all reviews that have been created for an organizational unit. The selection shows only organizational units for which reviews exist in the current management system and within the selected analysis period.  


Then click on the respective "Download report as PDF" button to generate the measures and control report.
It is possible to create a report for several analysis periods. For this, change the analysis period among the report options to the right. Then, the reviews of the chosen analysis period are made available.  


---->
<b>Caution:</b> If you select a new analysis period, the reviews from the previous ones will no longer be displayed, but will remain selected.


<div class="mw-translate-fuzzy">
After that, click on the respective pink download button to generate the gap report.
== Conformity report ==
</div>


Hier können Berichte zur Darstellung des Grades der Standard/Norm-Erfüllung bzw. Erfüllung von Abweichungsanalysen erstellt werden.
<big><b>Report options</b></big>
* <u>Management system</u>: (compliance manager only) This option controls which management system the available elements come from. This allows for generating a report that spans multiple management systems.
* <u>Analysis period</u>: This options controls what analysis period the available reviews come from.
* <u>Target score</u>: This option shows, when a response to a question constitutes a gap. If the response is below the defined value, it is a gap.
* <u>Treatment plan by determination type</u>: This option adds a short overview of all measures and controls at the beginning of the report, grouped by Hints/Recommendations/Minor deviations/Major deviations.
The remaining options specify which information is added regarding the questions and what characteristics questions need to have in order to be printed in the report.  


Diese Berichte geben für jedes Prüfobjekt bzw. jedes Normkapitel einen durchschnittlichen Reifegrad an.
You can also choose to add the measures and controls linked with the review questions.
Dieser durchschnittliche Reifegrad wird wie folgt berechnet:
* bei Prüfobjekten:
:: Alle Prüffragen werden gleich gewichtet, d.h. wenn ein Prüfobjekt 10 Prüffragen hat, von denen 5 mit Reifegrad 3, 3 mit Reifegrad 4 und 2 mit Reifegrad 2 beantwortet wurden, so ergibt sich der durchschnittliche Reifegrad aus: (5*3+3*4+2*2)/10 und beträgt 3,1.
* bei Standard- oder Norm-Kapitel:
:: Es wird zwischen unteren und oberen Kapitel Ebenen unterschieden.
::*Auf unterster Ebene mappen Normkapitel nur auf Prüfobjekte, wobei alle Prüfobjekte gleich gewichtet werden. Das bedeutet, dass der Durchschnitt von den einzelnen Prüfobjekten wie oben beschrieben berechnet wird und anschließend werden die Durchschnitte der Prüfobjekte aufsummiert und mit der Anzahl an Prüfobjekten dividiert. Sprich ein Kapitel mit 3 Prüfobjekten die jeweils einen Durchschnitt von 2.5, 3.3 und 4.1 hat einen Durchschnitt von (2.5+3.3+4.1)/3 also 3,3.
::* Auf oberen Ebenen mappen Kapitel auf Unterkapitel und auch potenziell auf Prüfobjekte. Der durchschnittliche Reifegrad des Oberkapitels ergibt sich hierbei aus der Summe der Durchschnitte der direkten Unterkapitel und der Summe der direkt gemappten Prüfobjekte. Das bedeutet, hat ein Oberkapitel 2 Unterkapitel, die jeweils einen Durschnitt von 4 aufweisen, und 3 Kapitel, die mit 2, 3 und 4 beantwortet wurden, dann ergibt sich der durchschnittliche Reifegrad für das Oberkapitel aus: (4+4+2+3+4)/5 er beträgt also 3,4.


[[Datei:RM Konformität auswahl.png|left|thumb|900px|Konformitätstyp auswählen]]
[[Datei:RM Abweichungsanalysen Bericht erstellen.png|left|thumb|902px|Create gap report]]
<br clear=all>
<br clear=all>
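Review bot: The added text names this report two ways. The heading and the download sentence say "gap report", while "Create deviation report:" and "To generate a deviation report navigate to ..." say "deviation report". Use "gap report" throughout so the text matches the "Gap Analyses" menu entry it points to. Two typos in the added lines also need fixing: "with pProposals" in the second example link label and "This options controls" in the Analysis period bullet.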


<div class="mw-translate-fuzzy">
<span id="Konformität"></span>
=== Conformity report after verifications ===
== <span id="conf"></span> Conformity report ==
</div>
 
[[Datei:RM Konformität auswahl.png|left|thumb|650px|Choose conformity type]]
<br clear=all>


The purpose of this report is to graphically illustrate the fulfillment of the prerequisites based on individual checks. The fulfillment of the prerequisite points is presented visually in the form of spider diagrams, pie charts or tachos.
Here, you can generate reports to show the conformity with a standard or norm as well as the results of gap analyses.


These reports show a distinct average score for each requirement or norm chapter. This average score is calculated as follows:
* For requirements:
:: All review questions are weighted equally. This means, if a requirement has 10 review questions, 5 of which are at score  3, 3 are at 4 and 2 are at 2, then the average score is: (5*3+3*4+2*2)/10 and comes out to 3.1.
* For standard/norm chapters:
:: A distinction is made between primary and secondary chapter levels.
::* At the lower level, norm chapters map onto requirements. This means, that the average score for the requirements is calculated as shown above. In the next step, the averages of the requirements are summed up and divided by the number of requirements. Therefore, a chapter with 3 requirements that have a level of 2.5, 3.3 and 4.1, respectively, the average score is: (2.5+3.3+4.1)/3 and comes out to 3.3.
::* At the upper level, chapters map onto secondary chapters as well as requirements, potentially. The average score of the primary chapter stems from the sum of the averages of its direct secondary chapters and the sum of the mapped requirements. This means, if a primary chapter has 2 secondary chapters with a level of 4 each and 3 chapters with 2, 3 and 4, respectively, then the average score for the primary chapter is: (4+4+2+3+4)/5 and comes out to 3.4.
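Review bot: In the upper-level example, "3 chapters with 2, 3 and 4" should read "3 requirements", because the rule in the same bullet combines the direct secondary chapters with the mapped requirements. The rule itself only says the score "stems from the sum" of those averages; it should state that the sum is divided by the number of elements, as the example (4+4+2+3+4)/5 does. The level names should also agree: the introductory line speaks of "primary and secondary chapter levels", while the two bullets use "lower level" and "upper level".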


<big><b>Konformitätsbericht nach Überprüfungen erstellen:</b></big>
=== <span id="comp_review"/> Conformity report by reviews ===
----


<div class="mw-translate-fuzzy">
The purpose of this report is to graphically illustrate the fulfillment of the prerequisites based on individual reviews. The fulfillment of the prerequisite points is presented visually in the form of spider diagrams, pie charts or tachometers.
# Verifications:
#:* You can generate a compliance report from one or more reviews.
# Responsible parties: (Compliance Manager only)
#:* You can generate a compliance report from one responsible party, where all reviews assigned to this responsible party are analyzed.
# Organizational Units: (Compliance Manager only)
#:* You can generate a compliance report on an organizational unit, where all reviews assigned in this organizational unit are analyzed.
</div>


[[Media:Konformitätsbericht Beispiel Überprüfung.pdf| Conformity Report Example: Reviews]]


[[Media:Konformitätsbericht Beispiel Verantwortlicher.pdf |  Conformity report Example: Responsible person]]
<big><b>Create report of conformity by reviews:</b></big>


<big><b>Berichtsoptionen</b></big>
# '''Reviews''': You can generate a conformity report from one or more reviews.
* Managementsystem (nur Compliance Manager)
# '''Responsible''' (compliance manager only): You can generate a compliance report for one responsible person or team, where all reviews assigned to this responsible person or team are analyzed.
:: Diese Option steuert, aus welchem Managementsystem die Überprüfungen, die zur Auswahl stehen, kommen.
# '''Organizational units''' (compliance manager only): You can generate a compliance report for an organizational unit, where all reviews assigned in this organizational unit are analyzed.
:: Dadurch kann auch ein Managementsystem übergreifender Konformitätsbericht erzeugt werden. (Verhalten siehe Analysezeitraum)
* Analysezeitraum
:: Diese Option steuert, aus welchem Analysezeitraum die Überprüfungen, die zur Auswahl stehen, kommen.
:: Durch diese Option kann auch ein Konformitätsbericht über mehrere Analysezeiträume erstellt werden. Wechselt man den Analysezeitraum, werden die Überprüfungen, die in einem anderen gewählt wurden nicht entfernt. Sie werden nur im jeweiligen Analysezeitraum angezeigt.
* Zielreifegrad
:: Diese Option gibt an, ab wann eine Prüffrage als Abweichung gilt. Ist die Beantwortung unter dem eingestellten Wert, handelt es sich um Abweichungen (beeinflusst die Darstellung im Bericht).


Mit den restlichen Optionen kann zusätzlich konfiguriert werden, welche Prüffragen angedrückt werden, ob nicht abgeschlossene Überprüfungen inkludiert werden (relevant für Compliance Manager bei Auswahl von Verantwortlichen/Organisationseinheit), wie das Inhaltsverzeichnis aufgebaut ist und ob der Titel des Audits (wenn vorhanden) angezeigt wird.
[[Media:Konformitätsbericht Beispiel Überprüfung.pdf| Conformity report example: by reviews]]


[[Datei:RM Konformität nach Überprüfung Bericht erstellen.png|left|thumb|901px|Konformität nach Überprüfung]]
[[Media:Konformitätsbericht Beispiel Verantwortlicher.pdf |  Conformity report example: responsible person]]
 
<big><b>Report options</b></big>
* <u>Management system (compliance manager only):</u> This option controls which management system the available reviews come from. This allows for generating a report that spans multiple management systems.
* <u>Analysis period</u>: This options controls what analysis period the available reviews come from. This allows for generating a report that spans multiple analysis periods. If you change the analysis period, the previous reviews are not displayed but remain selected. They are only displayed within their respective analysis period.
* <u>Target score</u>: This option shows, when a response to a question constitutes a gap. If the response is below the defined value, it is a gap.
* <u>Treatment plan by determination type</u>: This option adds a short overview of all measures and controls at the beginning of the report, grouped by Hints/Recommendations/Minor deviations/Major deviations.
 
The remaining options allow for further configurations, such as which review questions to add, whether or not to include only completed reviews (relevant for commpliance managers when choosing the responsible person/organizational unit), how the table of content is to be structured and whether the audit title should be displayed (if available).
 
[[Datei:RM Konformität nach Überprüfung Bericht erstellen.png|left|thumb|902px|Conformity by review]]
<br clear=all>
<br clear=all>
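Review bot: The numbered list switches terms between items: item 1 says "conformity report", items 2 and 3 say "compliance report". Since the section heading and the example links use "conformity report", use that term in all three items. In the report options, "commpliance managers" and "This options controls" are typos.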


<div class="mw-translate-fuzzy">
=== Conformity report by standards and norms ===
=== Conformity report according to standards and norms ===
----
</div>


<div class="mw-translate-fuzzy">
The purpose of this report is to graphically illustrate the fulfillment of the prerequisites in each requirement area of the standard. The fulfillment of the prerequisite items will be visually represented in the form of spider diagrams, pie charts, or tachometers. After selecting a standard, a list of applicable knowledge bases and their various versions will appear. From this, choose all knowledge bases and versions thereof which are to be part of the report's data basis.
The purpose of this report is to graphically illustrate the fulfillment of the prerequisites in each requirement area of the standard. The fulfillment of the prerequisite items will be visually represented in the form of spider diagrams, pie charts, or tachometers. For display purposes, questions answered Yes, No, or Partially are converted to maturity levels. "No" corresponds to maturity level 1, "Partial" corresponds to maturity level 3, and "Yes" corresponds to maturity level 5.
</div>


Für die Darstellung werden Fragen, die mit Ja, Nein oder Teilweise beantwortet wurden, zu Reifegraden umgewandelt. "Nein" entspricht Reifegrad 1, "Teilweise" Reifegrad 3 und "Ja" entspricht Reifegrad 5.
For display purposes, questions answered Yes, No, or Partially are converted to scores. "No" corresponds to score 1, "Partial" corresponds to score 3, and "Yes" corresponds to score 5.


<big><b>Konformitätsbericht nach Standards und Normen erstellen:</b></big>
<big><b>Create conformity report by standard:</b></big>


Zuerst muss die gewünschte Norm oder der Standard ausgewählt werden zu dem ein Konformitätsbericht generiert werden soll. Im Anschluss sollte der Bericht noch über die Berichtsoptionen konfiguriert werden. Um den Bericht zu generieren muss noch auch den pinken Button zum Herunterladen geklickt werden.
First, the desired norm or standard must be selected for which a conformity report is to be generated. Then you have to select which knowledge bases should be considered for the report.


The selected knowledge bases form the basis for the evaluations in the report. Only knowledge bases that have a mapping to the selected standard and at least one review object (of a gap analysis) are displayed. If a review object exists in several versions, only the one with the highest version is considered. If a restriction is also made to an OrgUnit, the highest version of the review object that is linked to the OrgUnit is used. In addition, note that reviews may not be in the state "Draft" or the respective knowledge bases will also not be listed.


<big><b>Berichtsoptionen</b></big>
<big><b>Report options</b></big>
* Managementsystem (nur Compliance Manager)
* <u>Management system (compliance manager only):</u> This option controls which management system the available reviews come from. This allows for generating a report that spans multiple management systems.
:: Diese Option steuert, für welches Managementsystem der Konformitätsbericht erstellt werden soll.
* <u>Analysis period</u>: This option controls for which analysis period the conformity report should be created. This ensures that only test objects up to and including the selected analysis period are taken into account. Test objects from more recent analysis periods (newly created or re-evaluated) will not be included in the report.
:: Ohne die Rolle Compliance Manager, kann der Konformitätsbericht nur für das aktuelle Managementsystem generiert werden.
* <u>Time period</u>: The period can be limited to a certain date in addition to the analysis period.
* Analysezeitraum
* <u>Target score</u>: This option shows when a response to a question constitutes a gap. If the response is below the defined value, it is a gap.
:: Diese Option steuert für welchen Analysezeitraum der Konformitätsbericht erstellt werden soll.
* <u>Questions</u>: These options specify which information is added regarding the questions and what characteristics questions need to have in order to be printed in the report.
* Zielreifegrad
* <u>Target score on the cover page</u>: This option controls whether the set target score is printed on the cover page of the report.
:: Diese Option gibt an, ab wann eine Prüffrage als Abweichung gilt. Ist die Beantwortung unter dem eingestellten Wert, handelt es sich um Abweichungen (beeinflusst die Darstellung im Bericht).
* <u>Only closed reviews</u>: This option decides whether review results from open reviews are considered in the analysis or only those of closed ones.
::Die restlichen Optionen dienen zum Konfigurieren, welche Prüffragen und Überprüfungen im Bericht angedrückt werden.
* <u>Include mapped standard chapters</u>: This option decides whether review results should be included that are related to mapped norm chapters. This means chapters in previous and follow-up versions of the norm, as well as other thematically related norms.
* Organisationseinheit
* <u>Organizational unit</u>: This options allows for limiting the conformity report to the selected organizational unit and those below it in the hierarchy.This means that only review objects that are linked to the selected OrgEh in are relevant for the evaluation in the report.
:: Durch diese Option kann der Konformitätsbericht auf die ausgewählte Organisationseinheit und die in der Hierarchie darunter befindliche Organisationseinheiten eingeschränkt werden.
* <u>Type of evaluation</u>:
* Auswertung
:*Tabular evaluation
:: Durch diese Option kann konfiguriert werden, welche Form der Auswertung inkludiert wird.
:*Tabular evaluation + graphical evaluation of the main chapters
* Nicht anwendbare Kapitel
:*Graphical evaluation of the main chapters
:: Durch diese Option können die Kapitel die für das ausgewählte Managementsystem nicht anwendbar sind aus dem Konformitätsbericht ausgeschlossen werden.
:*Graphical evaluation of the mail chapters & subchapters incl. questions
* <u>Not applicable chapters</u>: This option allows you to exclude those chapters that have been marked as "not applicable" for the management system from the report.


[[Datei:RM Konformität nach Standard Bericht erstellen.png|left|thumb|900px|Konformität nach Standard oder Norm]]
[[Datei:RM Konformität nach Standard Bericht erstellen.png|left|thumb|901px|Conformity report by standard or norm]]
<br clear=all>
<br clear=all>
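Review bot: The Organizational unit bullet is garbled at "hierarchy.This means that only review objects that are linked to the selected OrgEh in are relevant": the space after the full stop is missing, there is a stray "in", and "OrgEh" is the German abbreviation where the paragraph above uses "OrgUnit". The Analysis period bullet says "test objects" for what that paragraph calls "review object", and "mail chapters" in the last evaluation type should be "main chapters". The replaced German text also stated that without the Compliance Manager role the report can only be generated for the current management system; the new Management system bullet no longer says this, and the restriction is worth keeping.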


<div class="mw-translate-fuzzy">
== <span id="san"></span> Standards and Norms ==
== Standards and norms ==
Reports about standards and norms can be generated here.
</div>


[[Datei:RM Standards auswahl.png|left|thumb|900px|Bericht für Standards und Normen auswählen]]
[[Datei:RM Standards auswahl.png|left|thumb|901px|Choose report for standards and norms]]
<br clear=all>
<br clear=all>


Die Kapitelabdeckung bei den Berichten wird folgendermaßen berechnet:
The chapter applicability for the reports is calculated as follows:
:Szenario 1:
 
:*Kapitel 1 - ohne Maßnahme
{| class="wikitable"
:**Kapitel 1.1 - mit Maßnahme
!Scenario 1:
:**Kapitel 1.2 - mit Maßnahme
|Chapter 1 - without measures<br>Chapter 1.1 - with a measure<br>Chapter 1.2 - with a measure<br><br>The applicability of chapter 1 is 100%, because all chapters below have assigned measures.
:Die Abdeckung von Kapitel 1 beträgt 100%, da alle untergeordneten Kapitel Maßnahmen zugeteilt haben.
!Scenario 2:
:Szenario 2:
|Chapter  1 - with a measure<br>Chapter 1.1 - without measures<br>Chapter 1.2 - without measures<br><br>The applicability of chapter 1 is 100%. As the measure is assigned to the super-chapter, it also counts towards the sub-chapters.
:*Kapitel 1 - mit Maßnahme
!Scenario 3:
:**Kapitel 1.1 - ohne Maßnahme
|Chapter 1 - without measures<br>Chapter 1.1 - with a measure<br>Chapter 1.2 - without measures<br><br>The applicability of chapter 1 is 50%, because only half of its sub-chapters have measures assigned to them.
:**Kapitel 1.2 - ohne Maßnahme
|}
:Die Abdeckung von Kapitel 1 beträgt 100%. Da die Maßnahme zum übergeordneten Kapitel zugewiesen ist, zählt sie auch für die untergeordneten Kapitel.
:Szenario 3:
:*Kapitel 1 - ohne Maßnahme
:**Kapitel 1.1 - mit Maßnahme
:**Kapitel 1.2 - ohne Maßnahme
:Die Abdeckung von Kapitel 1 beträgt 50%, da nur die Hälfte der untergeordneten Kapitel Maßnahmen zugeteilt haben.
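Review bot: "Applicability" is the wrong term for what this table computes. The replaced text calls it "Kapitelabdeckung" and the three scenarios measure how many sub-chapters have measures assigned, which is coverage. The Statement of Applicability section directly below uses "applicable" and "not applicable" for whether a chapter is in scope, so "The applicability of chapter 1 is 50%" will be read as a scoping statement. Suggest "chapter coverage" in the introductory sentence and "The coverage of chapter 1 is ..." in each scenario.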


<div class="mw-translate-fuzzy">
=== Statement of Applicability (SOA)===
=== Statement of Applicability (SOA)===
</div>
----
This report shows which chapters of the standard are "applicable" or "not applicable" in the management system. It also includes the justification for each chapter's applicability and the measures and controls associated with the chapters.


*Donut-Diagramme zeigen die Anzahl und den Status zugewiesener Maßnahmen & Kontrollen. Die Gesamtzahl der Kapitel in der Auswertung entspricht der Anzahl der Kapitel auf der untersten Ebene. Wurde eine Maßnahme bzw. Kontrolle einem Kapitel zugewiesen, so wird sie auch allen seinen Unterkapiteln zugerechnet. Hat also ein Überkapitel eine Maßnahme oder Kontrolle zugeteilt, verhält es sich genauso, als wenn alle Unterkapitel diese Maßnahme oder Kontrolle zugeteilt hätten.
* Donut charts show the number and status of assigned measures & controls. The total number of chapters in the evaluation corresponds to the number of chapters at the lowest level. If a measure or control has been assigned to a chapter, it is also assigned to all its sub-chapters. Thus, if a super-chapter has assigned a measure or control, it behaves in the same way as if all sub-chapters had assigned that measure or control.
*In den Donut-Diagrammen wird dabei der Geltungsbereich (Scope) des Standards/der Norm berücksichtigt. Wurde dieser eingeschränkt, werden Kapitel, die als nicht anwendbar markiert wurden, nicht berücksichtigt. Dies kann durch Aktivieren der Option "Nicht anwendbare Kapitel in die Statistik aufnehmen" aufgehoben werden.
* In the donut diagrams, the scope of the standard is taken into account. If this has been restricted, chapters marked as not applicable are not taken into account. This can be canceled by activating the option Include not applicable chapters in the statistics.


Die Datenbasis kann dabei auf einen früheren Analysezeitraum eingeschränkt werden. Es werden dann nur Maßnahmen und Kontrollen berücksichtigt, die zu dem gewählten Analysezeitraum bereits existierten.
The data basis can thereby be restricted to an earlier analysis period. In this case, only measures and controls that already existed in the selected analysis period are taken into account.


<u>Measures:</u>
With the option "Include mapped standard chapters", the database can be extended to mapped standard chapters. This means that if standard S1 has a chapter C that is mapped to standard S2 chapter C (S1.C => S2.C) and a report is generated from standard S1, the report will also include actions and controls that are mapped to standard S2 chapter C. This behavior also applies to chapters mapped from S2.C.
*Green = Completed measures
*Orange = Suspended measures
*Blue = Open measures


<u>Measures for chapters: </u>
{| class="wikitable"
*Red = Chapter without measures
!<u>Measures:</u>
*Blue = Chapter with open measures
|Green = Completed measures<br>Orange = Suspended measures<br>Blue = Open measures
*Green = Chapter with completed measures
|}


<u>Controls to chapters:</u>
{| class="wikitable"
*Orange = Suspended controls to chapters.
!<u>Measures for chapters: </u>
*Green = Active controls to chapters.
|Red = Chapter without measures<br>Blue = Chapter with open measures<br>Green = Chapter with completed measures
*Red = Chapters without controls
|}


<big><b>Statement of Applicability (SOA) erstellen </b></big>
{| class="wikitable"
!<u>Controls to chapters:</u>
|Orange = Suspended controls to chapters<br>Green = Active controls to chapters<br>Red = Chapters without controls
|}


Zum Generieren einer SOA muss zuerst eine Norm / ein Standard ausgewählt und das SOA über die Berichtsoptionen konfiguriert werden. Zum Generieren wird auf den pinken Button zum Herunterladen geklickt.
<big><b>Create Statement of applicability (SOA)</b></big>


<big><b>Berichtsoptionen</b></big>
To generate an SOA, choose a standard/norm and configure the SOA via the report options. Click on the pink download button to generate the report.
* Managementsystem (nur Compliance Manager)
:: Diese Option steuert, für welches Managementsystem das SOA generiert wird.
* Analysezeitraum
:: Diese Option steuert, aus welchem Analysezeitraum die Maßnahmen und Kontrollen die im SOA berücksichtigt werden, kommen.


Die restlichen Optionen ermöglichen es noch weiter zu konfigurieren, was in den Bericht mit aufgenommen wird. Die Auswahl "Statistik anzeigen" bestimmt beispielsweise, ob die Donut-Diagramme angezeigt werden sollen.
<big><b>Report options</b></big>
* <u>Management system (compliance Manager only)</u>: This option controls which management system the available reviews come from. This allows for generating a report that spans multiple management systems.
* <u>Analysis period</u>: This options controls what analysis period the available measures and controls come from.


The remaining options specify which information is added to the report. For example, "Show statistic" controls whether the donut diagrams are displayed.


[[Datei:RM Standard SOA Bericht erstellen.png|left|thumb|880px|Statement of Applicability]]
 
[[Datei:RM Standard SOA Bericht erstellen.png|left|thumb|882px|Statement of Applicability]]
<br clear=all>
<br clear=all>
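Review bot: The Management system bullet says the option controls "which management system the available reviews come from", but this report is built from measures and controls, as the Analysis period bullet right below it says, and the replaced text described the option as selecting the management system the SOA is generated for. In the paragraph on "Include mapped standard chapters", "the database can be extended" should be "the data basis", matching the preceding paragraph, and "actions and controls" should be "measures and controls". The option name Include not applicable chapters in the statistics should be quoted like the other option names.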


<div class="mw-translate-fuzzy">
=== Management Summary ===
=== Management Summary ===
</div>
----
This report provides a management overview of the measures and controls assigned to a standard/norm.


*Donut-Diagramme zeigen die Anzahl und den Status zugewiesener Maßnahmen und Kontrollen. Die Gesamtzahl der Kapitel in der Auswertung entspricht der Anzahl der Kapitel auf der untersten Ebene. Wurde eine Maßnahme bzw. Kontrolle einem Kapitel zugewiesen, so wird sie auch allen seinen Unterkapiteln zugerechnet. Hat also ein Überkapitel eine Maßnahme oder Kontrolle zugeteilt, verhält es sich genauso, als wenn alle Unterkapitel diese Maßnahme oder Kontrolle zugeteilt hätten.
* Donut charts show the number and status of assigned measures & controls. The total number of chapters in the evaluation corresponds to the number of chapters at the lowest level. If a measure or control has been assigned to a chapter, it is also assigned to all its sub-chapters. Thus, if a super-chapter has assigned a measure or control, it behaves in the same way as if all sub-chapters had assigned that measure or control.
*Ein Balkendiagramm zeigt die Anzahl der Maßnahmen und Kontrollen nach Hauptkapiteln an. Die Anzahl entspricht der Summe der Maßnahmen bzw. Kontrollen, die dem Hauptkapitel und jedem darunter befindlichen Kapitel zugewiesen sind. Eine mehrmals zugewiesene Maßnahme bzw. Kontrolle wird je Hauptkapitel nur einmal gezählt.
* A bar chart shows the number of measures & controls by main chapters. The number is the sum of the measures or controls assigned to the main chapter and each sub-chapter below it. A measure or control assigned several times is only counted once per main chapter.
*Der Bericht berücksichtigt dabei den Geltungsbereich (Scope) des Standards/der Norm. Wurde dieser eingeschränkt, werden Kapitel, die als nicht anwendbar markiert wurden, nicht berücksichtigt. Dies kann durch Aktivieren der Option Nicht anwendbare Kapitel in die Statistik aufnehmen aufgehoben werden.
* The report takes into account the scope of the standard. If the scope is limited, chapters marked as not applicable are not taken into account. This can be canceled by activating the option Include not applicable chapters in the statistics.


Die Datenbasis kann dabei auf einen früheren Analysezeitraum eingeschränkt werden. Es werden dann nur Maßnahmen und Kontrollen berücksichtigt, die zu dem gewählten Analysezeitraum bereits existierten.
The data basis can thereby be restricted to an earlier analysis period. In this case, only measures and controls that already existed in the selected analysis period are taken into account.


[[Media:Management Summary Beispiel Bericht.pdf |  Management Summary Example Report]]
[[Media:Management Summary Beispiel Bericht.pdf |  Management Summary example report]]


<big><b>Management Summary erstellen </b></big>
<big><b>Create management summary </b></big>


Zum Generieren einer Management-Summary muss zuerst eine Norm / ein Standard ausgewählt und der Bericht über die Berichtsoptionen konfiguriert werden. Zum Generieren muss anschließend nur auf den pinken Button zum Herunterladen geklickt werden.
To generate a management summary, choose a standard/norm and configure the management summary via the report options. Click on the pink download button to generate the report.


<big><b>Berichtsoptionen</b></big>
<big><b>Report options</b></big>
* Managementsystem (nur Compliance Manager)
* <u>Management system (compliance manager only)</u>: This option controls which management system the available reviews come from. This allows for generating a report that spans multiple management systems.
:: Diese Option steuert, für welches Managementsystem die Management Summary generiert wird.
* <u>Analysis period</u>: This options controls what analysis period the available measures and controls come from.
* Analysezeitraum
:: Diese Option steuert aus welchem Analysezeitraum die Maßnahmen und Kontrollen die in der Management Summary berücksichtigt werden kommen.


Die restlichen Optionen ermöglichen es noch weiter zu konfigurieren, was in den Bericht mit aufgenommen wird. Die Auswahl "Statistik anzeigen" bestimmt beispielsweise, ob die Donut-Diagramme angezeigt werden sollen.
The remaining options specify which information is added to the report. For example, "Statistic" controls whether the donut diagrams are displayed.


[[Datei:RM Standard Management Summary Bericht erstellen.png|left|thumb|880px|Management Summary]]
[[Datei:RM Standard Management Summary Bericht erstellen.png|left|thumb|882px|Management Summary]]
<br clear=all>
<br clear=all>
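Review bot: The closing sentence names the option "Statistic", while the same sentence in the SOA section names it "Show statistic"; both replace "Statistik anzeigen", so use one label that matches the UI. The Management system bullet again refers to "available reviews" although this report covers measures and controls assigned to a standard. "This options controls" in the Analysis period bullet is a typo.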


== Strukturanalyse ==
== <span id="structural"></span> Strukturanalyse ==
Hier können Berichte zur RTO und RPO Erfüllung generiert werden. Mehr Information zu RTO und RPO finden Sie unter [[Strukturanalyse#RTO | "Risikomanagement Strukturanalyse"]].
Reports on RTO and RPO fulfillment can be generated here. You can find more information on RTO and RPO under [[Strukturanalyse#RTO | "Risk management Structural analysis"]].
[[Datei:RM RTO RPO auswahl.png|left|thumb|900px|Bericht für RTO oder RPO auswählen]]
[[Datei:RM RTO RPO auswahl.png|left|thumb|901px|Select RTO or RPO report]]
<br clear=all>
<br clear=all>


=== RTO-Erfüllung ===
<span id="RTO-Erfüllung"></span>
=== RTO-Fulfillment ===
 
This report shows whether or not the requirements derived from the various protection needs analyses (PNAs) for the resources can be met in terms of the maximum justifiable recovery time in each case.
 
The report can be generated without restriction to a resource. Then it is shown how well the requirements derived from all PNAs are met for all involved resources with regard to the maximum justifiable recovery time.


This report shows whether the requirements for the resources derived from the various protection needs assessments (PNAs) in terms of the maximum acceptable recovery time can be met or not. Fulfillment can be evaluated either for a specific resource (select the resource in the drop-down) or for the entire structure (no specific resource selected in the drop-down).

If the report is restricted to a resource (e.g., a specific hardware component), only resources that require this resource (e.g., specific applications and databases) to be able to work functionally are included in the evaluation. Only PNAs that define requirements for these resources are then considered.

<big><b>Create RTO-Fulfillment report</b></big>

To generate an RTO-Fulfillment report, first choose the resource for which the RTO fulfillment is to be analyzed and configure the report via the report options.

Then, click the pink download button to generate the report.

<big><b>Report options</b></big>

This report contains calculations of statistics, key figures or other content requiring explanation. An appendix with explanations is therefore generated by default. If this is not desired, the report option "Appendix with explanations" can be deactivated.

It can also be decided whether fulfilled or unfulfilled requirements appear in the report.

It is also possible to configure how much information about the relevant resources is printed in the report.

[[Datei:RM RTO Erfüllung Bericht erstellen.png|left|thumb|902px|Create RTO fulfillment report]]
<br clear=all>


<span id="RPO-Erfüllung"></span>
=== RPO-Fulfillment ===

This report shows whether the requirements derived from the various protection needs assessments (PNAs) for the resources in terms of maximum acceptable data loss can be met in each case or not.

The report can be generated without restriction to a resource. Then it is shown how well the requirements derived from all PNAs are met for all involved resources with regard to the maximum acceptable data loss.

If the report is restricted to one resource (e.g., a specific hardware component), only resources that require this resource (e.g., specific applications and databases) to be able to work functionally are included in the evaluation. Only PNAs that define requirements for these resources are then considered.

<big><b>Create RPO-Fulfillment report</b></big>

To generate an RPO-Fulfillment report, first select the resource for which RPO-Fulfillment is to be analyzed and configure the report using the report options.

Then, click the pink download button to generate the report.

<big><b>Report options</b></big>

This report contains calculations of statistics, key figures or other content requiring explanation. An appendix with explanations is therefore generated by default. If this is not desired, the report option "Appendix with explanations" can be deactivated.

It can also be decided whether fulfilled or unfulfilled requirements appear in the report.

It is also possible to configure how much information about the relevant resources is printed in the report.

[[Datei:RM RPO Erfüllung Bericht erstellen.png|left|thumb|902px|Create RPO-Fulfillment report]]
<br clear=all>
-->

Latest revision as of 08:42, 16 May 2025

HITGuard offers the possibility of generating various risk management reports under "Risk management → Reports".

Report selection


To create a report, first choose a type of report. Subsequently, choose which data to include in the report (e.g. risks or reviews). Most reports also have additional report options which allow further specification of the report's contents.

Knowledge bases can be made available in different languages due to stored translations for used knowledge bases. For example, to generate a report with the English texts, the language must be changed using the flag icon at the top right of the screen, next to the logout button. This will load all content for the reports in the desired language, provided that a translation in that language is available for the knowledge base.

Download options:
The reports are available for download as PDF or DOCX files. Click the pink button to generate and download a report. Then, choose whether the report should be downloaded as a PDF or DOCX.

Additionally, there is the option to generate and archive the reports including revision information. In doing this, the report can be viewed, generated anew, or downloaded again by an expert under "Administration → Report archive". More information about this can be found under "Administration → Report archive".

When generating reports with revision information in the archive, there is also the option to send the report by e-mail to various recipients right away. More information about this can be found in the report archive and under "Administration → Report archive".

Remembering report options: Some report options are shared by several reports. For these, the selected options are remembered within the management system and for the individual user, and are then also applied to other reports with that same option. For example, if the option "Table of contents" is selected, then it will already be selected when accessing any other report pages that use this option.

Licenses:
If no valid license for HITGuard is available, this will be displayed in the footer of the report! To change this, an expert or administrator has to request/upload a license under "Administration → Licensing".

The following reports are offered in the risk management section of HITGuard:

Risks and opportunities

General risk/opportunity report

In this report, details on risks and opportunities are presented. In addition, the risks and opportunities are positioned in a risk matrix according to their criticality. The measures and controls to be taken or already taken can be displayed for the individual risks and opportunities. Furthermore, the development of the risks and opportunities over time can be displayed.

Caution: Users with the Compliance Manager role will also see measures and controls from all other management systems.

Example risk management report: Risks without M/C details incl. temporal development

Generate risk/opportunity report

To generate a risk/opportunity report, you have to navigate to "Risk Management → Reports → Risks & opportunities → General". There you have several options to generate the report:

  1. Risks and opportunities: You can generate a risk/opportunity report for one or more risks. However, you can only generate reports in management systems to which you are assigned.
  2. Structural elements: You can list all the risks and opportunities assigned to the selected structural elements.
  3. Responsible person(s) (compliance manager only): You can generate a risk/opportunity report in which all risks and opportunities are listed for which a specific team or a person is responsible.

    After that, just click on the pink download button to generate the report.

Report options
Table of contents: This option determines whether a table of contents is included in the report.
Gaps: Lists all gaps linked with the risk/opportunity.
Measures: Dictates whether open AND/OR suspended AND/OR completed measures are printed. Determines whether the progress overview AND/OR progress protocol AND/OR remarks are printed for the measures.
Controls: Dictates whether active AND/OR suspended AND/OR deactivated controls are printed. Determines whether the statistic AND/OR execution protocol AND/OR remarks are printed for the controls. Determines the statuses of the control executions that are included in the execution protocol.
Temporal development: Lists the entries of the temporal development of the risk/opportunity in a chapter of their own.
Appendix with explanations: Adds an appendix with various explanatory texts to the report.
Generate risk/opportunity report


Gross-net report

This report lists details about the development of a risk or opportunity. The focus of the report, therefore, lies on the aspect of the gross-net-risk/opportunity, which is managed with measures and controls. All to-be-implemented as well as already implemented measures and controls are listed for the individual risks or opportunities. The gross risk/opportunity as well as the possible net scenarios can be displayed separately. If desired, the development over time of the risk/opportunity can also be displayed.

Caution: The measures and controls from other management systems are only visible for users with the role "Compliance manager".

Example gross-net-risk report: Gross and net risk with matrices, no details for M/C

Create gross-net report

To generate a gross-net report, you have to navigate to "Risk Management → Reports → Risks & opportunities → Gross-net". There you can generate the report for a selected risk or opportunity with different characteristics. Reports can only be created for risks or opportunities in management systems one is authorized for. (The exception are compliance managers, who can generate reports for all risks and opportunities in all management systems.)

Click the pink download button to generate the report.

Report options
Table of contents: This option determines whether a table of contents is included in the report.
Treatment of the current risk/opportunity: Determines whether the measures and controls for the treatment of the current risk/opportunity are included in the report.
Gross risk/opportunity: Determines whether the evaluation of the gross risk/opportunity is included in the report.
Treatment of the gross risk/opportunity: Determines whether the measures and controls for the treatment of the gross risk/opportunity are included in the report.
Ability to control: Determines whether the ability to control of the already implemented sets of measures and controls is included in the report.
Net risk/opportunity: Determines whether the evaluation of the net risk/opportunity is included in the report.
Best case AND/OR Most likely case AND/OR Worst case: Determines whether and which scenarios of the net risk/opportunity are included in the report.
Matrices: Determines whether, in addition to textual information, the evaluation of the gross risk/opportunity and the scenarios of the net risk/opportunity are included in the report as images.
Measures: Determines for the measures whether the progress overview AND/OR the progress protocol AND/OR remarks are included in the report.
Controls: Determines for the controls whether the statistic AND/OR the execution protocol AND/OR remarks are included in the report. Determines as well whether irrelevant control executions are to be considered in the report.
Time evolution: Lists the entries of the risk/opportunity's time evolution in a separate chapter.
Appendix with explanations: Adds an appendix with different explanatory texts.
Create gross-net-risk report


ESG

Reports on fields of action can be created here. In addition to the fields of action, detailed information on the risks, opportunities and effects of the fields of action is also printed. The report can be configured with a variety of reporting options so that risks, opportunities and impacts are presented according to your needs.

Create ESG report

To create an ESG report navigate to "Risk management → Reports → ESG". Then, choose the topic followed by the fields of action for which you want to generate a report, and configure it via the report options.

To generate the report click the pink download button.

Report options
Table of contents: This option determines whether a table of contents is included in the report.
Fields of action without score: If this option is selected, fields of action that do not have a score are printed in the report. Otherwise, the report only contains fields of action that have a gross and/or net score.
Tabular description: If this option is selected, all fields of action are additionally printed in the form of a table at the beginning of the report. This is to give an overview of all fields of action selected from the list.
Content from underlying fields of action: With this you determine whether linked risks, opportunities, and impacts from lower levels of the hierarchy are printed with fields of action from higher levels of the hierarchy.
Non-material fields of action: If this option is selected, non-material fields of action can be included in the report. Whether a field of action is seen as material or not is configured under "Risk management > Settings". Example: If the threshold for the financial materiality is set as 15, a field of action must have a financial materiality of 16 or higher to appear in the report, unless this option is selected. The same principle applies to the impact materiality.
Detailed description: With this you determine if and which details for the fields of action are to be included in the report:
- gaps
- measures incl. choice of status and details
- controls incl. choice of status and details (also for their executions)
- time evolution
Appendix with explanations: Adds an appendix with different explanatory texts.
Create ESG reports


Protection needs

In this report, the results of either one or multiple protection needs analyses are displayed. Choices can be made regarding the summary of the results as well as their details. Additionally, it's possible to add an appendix with explanations for the basis of the assessment in the protection needs analysis.

Generate protection needs report

To generate a protection needs report, navigate to "Risk management → Reports → Protection needs". Then, choose which protection needs analysis to generate the report for and configure the report via the report options.

To generate the report click on the pink download button.

Report options
Extent of damage: This option determines which resources are included in the report. The report includes all resources that have at least one evaluation of the selected extent of damage or worse.
Table of contents: This option determines whether a table of contents is included in the report.
Summary: If a report contains multiple protection needs analyses, this option can add a summary of all results in the form of a crosstab to the report.
Summary details: Prints a list of all interviews included in the data basis of the report above the crosstab.
Interview results: Adds the rationale for the assessments of the individual protection needs and the crosstab for each interview to the report.
Appendix with explanations: Adds an appendix with different explanatory texts.
Create protection needs reports


Gap analyses

In this report, the results of either one or multiple gap analyses are displayed. When choosing the reviews, take note that they are limited by the chosen analysis period. An array of report options allows you to configure the reports to be displayed the way you need them.

Example gap report: reviews without proposals ZR 5
Example gap report: responsible with proposals ZR 3
Example gap report: organizational unit all audit questions without proposals ZR 2

Generate gap analysis report

To generate a deviation report navigate to "Risk management → Reports → Gap analyses". There, you have several options to generate such a report depending on your role:

  1. Reviews: This report contains all information about the selected reviews. The selection shows only reviews from the current management system in the selected analysis period (with the report options to the right).
  2. Responsible(s) (Compliance manager only): This report contains all reviews the selected person(s) or team(s) is/are responsible for.
  3. Organizational unit (Compliance manager only): This report contains all reviews that have been created for an organizational unit. The selection shows only organizational units for which reviews exist in the current management system and within the selected analysis period.

It is possible to create a report for several analysis periods. For this, change the analysis period among the report options to the right. Then, the reviews of the chosen analysis period are made available.
Caution: If you select a new analysis period, the reviews from the previous ones will no longer be displayed, but will remain selected.

After that, click on the respective pink download button to generate the gap report.

Report options
Selection of the analysis period: This option determines which analysis period the report elements come from.
Selection of the target score: For reports including review questions, this option determines when they are counted as a gap. If the answer is below the set value, it is a gap.
Target score on the cover page: Determines whether the selected target score is printed on the cover page of the report.
Table of contents: This option determines whether a table of contents is included in the report.
Review:
- Header data: if activated, all available information on the review is printed in the header data. If not, the report only shows the reviewed organizational units, beginning and end of the review, as well as the participants, if filled in.
- The remaining options determine whether review remarks are printed, and whether and which graphics are included in the report (bar chart AND/OR compliance spider charts).
Review object:
- Header data: if activated, all available information on the review object is printed in the header data. If not, the report only shows the name of the review object.
- The remaining options determine whether and which graphics are included in the report (donut charts AND/OR scoreline).
Treatment plan by determination type: Prints the treatment plan (meaning the measures and controls) clustered by determination type at the beginning of the report. This is only possible if the determination type for reviews is activated in the audit management module.
Note: The treatment plan does not include positive determinations (model implementation).
Find out more on determination types here.
Tabular evaluation of review questions: Prints an overview of the review questions and results with their answers in the form of a table. The cells containing the answers are colored as per the target score. Unnecessary review questions/results are grey. Not answered review questions/results are colorless and marked with "-". Answered information gatherings are marked with "answ.".
- All OR Only positive OR Only negative: Determines for the table whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.
- Information gatherings AND/OR Unnecessary AND/OR Not answered: Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the table.
Detailed evaluation of review questions: Prints a detailed overview of the review questions and results with various additional information in the report.
- All OR Only positive OR Only negative: Determines for the detailed evaluation whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.
- Information gatherings AND/OR Unnecessary AND/OR Not answered: Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the detailed evaluation.
- Answer AND/OR Justification AND/OR Description AND/OR Protection targets AND/OR Measures & controls: Determines the inclusion of these elements in the detailed overview of the review questions/results.
- Move to appendix: If this option is selected, the detailed evaluation of the review questions and results is moved from the main body of the report into the appendix.
List attachments/evidences: Prints the file names of attachments/evidences in the report.
Embed image attachments: Image files (.jpg or .png) attached to review questions and/or review results are also embedded in the report as images. The file names of the respective images are printed below them. If available, the timestamp of the capture is also printed. Consequently, the file size of the report is larger and generation can take a little longer.
Attachments/evidences as zip-file: The report is downloaded in a zip-folder along with any attachments/evidences. Links are listed in a .txt file.
Appendix with explanations: Adds an appendix with different explanatory texts.
Create gap analysis report


Conformity

Choose conformity type

Here, you can generate reports to show the conformity with a standard or norm as well as the results of gap analyses.

These reports show a distinct average score for each requirement or norm chapter.

Weightings of review questions are not considered.

Evaluation by standards and norms:

Review questions mapped to chapters of standards and norms are considered for the calculation of score values. These can be answered in reviews. Review questions from various reviews can populate this evaluation. Review questions can be mapped to all chapter levels.

Example: ISO 9001 chapter 6 Planning, which consists of 3 subchapters.

  • Chapter 6 Planning (Score = 2.85)
    • Review question 1: Score = 2
    • Review question 2: Score = 2
    • Score for calculation: (2 + 2) / 2 = 2
  • 6.1 Measures for the handling of risks and opportunities (Score = 4)
    • Review question 3: Score = 3
    • Review question 4: Score = 5
    • Score for 6.1: (3 + 5) / 2 = 4
  • 6.2 Quality objectives and planning to their achievement (Score = 4)
    • Review question 5: Score = 4
    • Score for 6.2: (4) / 1 = 4
  • 6.3 Planning of Changes (Score = 3)
    • Review question 6: Score = 3
    • Review question 7: Score = 3
    • Score for 6.3: (3 + 3) / 2 = 3

To get the score for chapter 6, first the averages of the subchapters must be calculated (4 + 4 + 3) / 3 = 3.7. Then the value is calculated with the averages of the review questions of the main chapter (3.7 + 2) / 2 = 2.85.

Evaluation by reviews:

The evaluation by reviews is done on the basis of the contained topics (review objects). The final score of a review comes from the averages of the individual review object results. The score of the review objects comes from the average of the contained review questions.

Example: Review per ISO 9001 for chapter 5 Management (Score = 3.66) and chapter 6 Planning (Score = 3.14)

  • Chapter 5 Management (Score = 3.66)
    • Review question 1: Score = 3
    • Review question 2: Score = 5
    • Review question 3: Score = 3
    • Score = (3 + 5 +3) / 3 = 3.66
  • Chapter 6 Planning (Score = 3.14)
    • Review question 1: Score = 2
    • Review question 2: Score = 2
    • Review question 3: Score = 3
    • Review question 4: Score = 5
    • Review question 5: Score = 4
    • Review question 6: Score = 3
    • Review question 7: Score = 3
    • Score = (2 + 2 + 3 + 5 + 4 + 3 + 3) / 7 = 3.14

Note: For chapter 6 the same review questions were used as for the evaluation by standards and norms.
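The two evaluations can be reproduced with a few lines of Python. This is an added example, not HITGuard code: the data layout, the function names and the `intermediate_digits` parameter are assumptions, and handling of chapters nested deeper than the page's example generalizes the rule shown. Without intermediate rounding, chapter 6 evaluates to 2.83; rounding the subchapter average to 3.7 first gives the 2.85 shown above.

```python
# Added example: the two conformity evaluations described above.
# Data layout and function names are assumptions, not HITGuard's API.

# Conversion the page states for Yes/No/Partial answers.
ANSWER_SCORES = {"No": 1, "Partial": 3, "Yes": 5}


def to_score(answer):
    """Map a Yes/No/Partial answer to its score; numeric answers pass through."""
    return ANSWER_SCORES[answer] if isinstance(answer, str) else answer


def average(answers):
    """Unweighted mean (weightings are not considered); None if there are no answers."""
    scores = [to_score(a) for a in answers]
    return sum(scores) / len(scores) if scores else None


def chapter_score(chapter, intermediate_digits=None):
    """Evaluation by standards and norms.

    The subchapter scores are averaged first; that value is then averaged with
    the mean of the review questions mapped directly to the chapter.
    intermediate_digits optionally rounds the subchapter average, which is how
    the page's worked example arrives at 3.7 and then 2.85.
    """
    sub_scores = [chapter_score(sub, intermediate_digits)
                  for sub in chapter.get("subchapters", [])]
    sub_scores = [s for s in sub_scores if s is not None]
    parts = []
    if sub_scores:
        sub_avg = sum(sub_scores) / len(sub_scores)
        if intermediate_digits is not None:
            sub_avg = round(sub_avg, intermediate_digits)
        parts.append(sub_avg)
    own = average(chapter.get("questions", []))
    if own is not None:
        parts.append(own)
    return average(parts)


def review_score(review_objects):
    """Evaluation by reviews: mean of the review-object means."""
    object_scores = [average(answers) for answers in review_objects.values()]
    return average([s for s in object_scores if s is not None])


def find_gaps(answers_by_question, target_score):
    """A question is a gap when its answer is below the target score."""
    return [q for q, a in answers_by_question.items()
            if to_score(a) < target_score]


# The ISO 9001 chapter 6 example from the page.
CHAPTER_6 = {
    "name": "6 Planning",
    "questions": [2, 2],
    "subchapters": [
        {"name": "6.1", "questions": [3, 5]},
        {"name": "6.2", "questions": [4]},
        {"name": "6.3", "questions": [3, 3]},
    ],
}

# The review example from the page (review object -> answers).
REVIEW = {
    "Chapter 5 Management": [3, 5, 3],
    "Chapter 6 Planning": [2, 2, 3, 5, 4, 3, 3],
}

# The seven chapter 6 answers keyed by question, for the gap check.
CHAPTER_6_ANSWERS = {"Q1": 2, "Q2": 2, "Q3": 3, "Q4": 5, "Q5": 4, "Q6": 3, "Q7": 3}

if __name__ == "__main__":
    print("by standard, unrounded:", round(chapter_score(CHAPTER_6), 2))
    print("by standard, 3.7 step: ", round(chapter_score(CHAPTER_6, 1), 2))
    print("by review, chapter 6:  ", round(average(REVIEW["Chapter 6 Planning"]), 2))
    print("review final score:    ", round(review_score(REVIEW), 2))
    print("gaps at target 3:      ", find_gaps(CHAPTER_6_ANSWERS, 3))
```

The same seven answers score lower by standard than by review because the two questions mapped directly to chapter 6 carry half the chapter's weight in the hierarchical evaluation.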

Conformity report by reviews

The purpose of this report is to graphically illustrate the fulfillment of the prerequisites based on individual reviews. The fulfillment of the prerequisite points is presented visually in the form of spider diagrams, pie charts or tachometers.

Generate conformity report by reviews

Depending on your role there are different ways of generating this report.

  1. Reviews: You can generate a conformity report for the selected reviews.
  2. Responsible (Compliance manager only): You can generate a compliance report for one responsible person or team, where all reviews assigned to this responsible person or team are listed with their respective evaluation.
  3. Organizational units (Compliance manager only): You can generate a compliance report for an organizational unit, where all reviews assigned in this organizational unit are listed with their respective evaluation.

Example conformity report: Reviews
Example conformity report: Responsible

Report options
Selection of the analysis period: This option determines which analysis period the report elements come from.
Selection of the target score: For reports including review questions, this option determines when they are counted as a gap. If the answer is below the set value, it is a gap.
Target score on the cover page: Determines whether the selected target score is printed on the cover page of the report.
Table of contents: This option determines whether a table of contents is included in the report.
Review objects/questions in table of contents: This option determines whether the table of contents also contains individual review objects/questions.
Review:
- Header data: if activated, all available information on the review is printed in the header data. If not, the report only shows the reviewed organizational units, beginning and end of the review, as well as the participants, if filled in.
- The remaining options determine whether review remarks are printed, and whether and which graphics are included in the report (bar chart, donut diagram, compliance spider charts). The "unnecessary" option in this position affects all donut diagrams of the report.
Review object:
- Header data: if activated, all available information on the review object is printed in the header data. If not, the report only shows the name of the review object.
- The remaining options determine whether and which graphics are included in the report (donut charts AND/OR scoreline).
Tabular evaluation of review questions: Prints an overview of the review questions and results with their answers in the form of a table. The cells containing the answers are colored as per the target score. Unnecessary review questions/results are grey. Not answered review questions/results are colorless and marked with "-". Answered information gatherings are marked with "answ.".
- All OR Only positive OR Only negative: Determines for the table whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.
- Information gatherings AND/OR Unnecessary AND/OR Not answered: Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the table.
Detailed evaluation of review questions: Prints a detailed overview of the review questions and results with various additional information in the report.
- All OR Only positive OR Only negative: Determines for the detailed evaluation whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.
- Information gatherings AND/OR Unnecessary AND/OR Not answered: Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the detailed evaluation.
- Answer AND/OR Justification AND/OR Description AND/OR Protection targets AND/OR Measures & controls: Determines the inclusion of these elements in the detailed overview of the review questions/results.
- Move to appendix: If this option is selected, the detailed evaluation of the review questions and results is moved from the main body of the report into the appendix.
List attachments/evidences: Prints the file names of attachments/evidences in the report.
Embed image attachments: Image files (.jpg or .png) attached to review questions and/or review results are also embedded in the report as images. The file names of the respective images are printed below them. If available, the timestamp of the capture is also printed. Consequently, the file size of the report is larger and generation can take a little longer.
Attachments/evidences as zip-file: The report is downloaded in a zip-folder along with any attachments/evidences. Links are listed in a .txt file.
Appendix with explanations: Adds an appendix with different explanatory texts.
Create conformity report by reviews


Conformity report by standards and norms

The purpose of this report is to graphically illustrate the fulfillment of the prerequisites in each requirement area of the standard. The fulfillment of the prerequisite items will be visually represented in the form of spider diagrams, pie charts, or tachometers. After selecting a standard, a list of applicable knowledge bases and their various versions will appear. From this, choose all knowledge bases and versions thereof which are to be part of the report's data basis.

For display purposes, questions answered Yes, No, or Partially are converted to scores. "No" corresponds to score 1, "Partial" corresponds to score 3, and "Yes" corresponds to score 5.

Generate conformity report by standards and norms

First, the norm or standard for which a conformity report is to be generated must be selected. If the option "Include mapped standard chapters" is selected, the mapped standard/the mapped norm can be selected from a second list. Then, the knowledge bases to be considered in the report must be selected.

The selected knowledge bases form the basis for the evaluations in the report. Only knowledge bases that have a mapping to the selected standard and at least one review object (of a gap analysis) are displayed. If a review object exists in several versions, only the one with the highest version is considered. If a restriction is also made to an OrgUnit, the highest version of the review object that is linked to the OrgUnit is used. In addition, note that reviews may not be in the state "Draft" or the respective knowledge bases will also not be listed.

Berichtsoptionen
Selection of the target score For reports including review questions, this option determines when they are counted as a gap. If the answer is below the set vgalue, it is a gap.
Selection of a time period from-to This option determines from which time period between a beginning and an end date the report elements are taken.
Selection of the OU This option determines which organizational units are considered for the report.
Target score on the cover page Steuert, ob der gewählte Target Score am Deckblatt des Berichts angedruckt wird.
Table of contents This option determines whether a table of contents is included in the report.
Review objects/questions in table of contents This option determines whether the table of contents also contains individual review objects/questions.
Only closed reviews With this option, only reviews in the state "Closed" are included in the report.
Report format Determines in which format the evaluation is displayed in the report:
- Tabular evaluation
- Tabular evaluation + graphical evaluation of the main chapters
- Graphical evaluation of the main chapters
- Graphical evaluation of the main chapters & subchapters incl. question
Detailed evaluation of review questions Prints a detailed overview of the review questions and results with various additional information in the report.

All OR Only positive OR Only negative:
Determines for the detailed evaluation whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.

Information gatherings AND/OR Unnecessary AND/OR Not answered:
Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the detailed evaluation.

Answer AND/OR Justification AND/OR Description AND/OR Protection targets AND/OR Measures & controls:
Determines the inclusion of these elements in the detailed overview of the review questions/results.

Move to appendix:
If this option is selected, the detailed evaluation of the review questions and results is moved from the main body of the report into the appendix.
Include mapped standard chapters If the selected standard/norm refers to other standards/norms via mappings, the review questions and results linked with those chapters can be included in the report with this option.
Include not applicable chapters in the statistics Determines whether chapters marked as not applicable in the management system are considered in the report.
Include review results If selected, manually created review results are also considered (meaning those not coming from a knowledge base).
Appendix with explanations Adds an appendix with different explanatory texts.
Conformity by standard or norm


Standards and Norms

Reports about standards and norms can be generated here.

Select report for standards and norms


The chapter applicability for the reports is calculated as follows:

Scenario Chapter
Scenario 1: Chapter 1 - without measures
Chapter 1.1 - with a measure
Chapter 1.2 - with a measure

The applicability of chapter 1 is 100%, because all chapters below have assigned measures.
Scenario 2: Chapter 1 - with a measure
Chapter 1.1 - without measures
Chapter 1.2 - without measures

The applicability of chapter 1 is 100%. As the measure is assigned to the super-chapter, it also counts towards the sub-chapters.
Scenario 3: Chapter 1 - without measures
Chapter 1.1 - with a measure
Chapter 1.2 - without measures

The applicability of chapter 1 is 50%, because only half of its sub-chapters have measures assigned to them.
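
The three scenarios above, reproduced as an added example (it is not part of the HITGuard guide or the product's code). The `Chapter` structure, the function names and the measure IDs are hypothetical; the only rules applied are the ones stated on this page: a measure on a super-chapter counts for its sub-chapters, and only chapters at the lowest level enter the total.

```python
from dataclasses import dataclass, field


@dataclass
class Chapter:
    """One chapter of a standard (hypothetical structure, not HITGuard's data model)."""
    number: str
    measures: list = field(default_factory=list)
    children: list = field(default_factory=list)


def leaf_coverage(chapter, inherited=False):
    """Return (covered_leaves, total_leaves) for `chapter` and everything below it.

    A measure assigned to a chapter also counts for all of its sub-chapters,
    and only chapters at the lowest level are counted.
    """
    covered_here = inherited or bool(chapter.measures)
    if not chapter.children:
        return (1 if covered_here else 0, 1)
    covered = total = 0
    for child in chapter.children:
        c, t = leaf_coverage(child, covered_here)
        covered += c
        total += t
    return covered, total


def applicability(chapter):
    """Percentage of lowest-level chapters with a measure, own or inherited."""
    covered, total = leaf_coverage(chapter)
    return 100.0 * covered / total


def scenario(parent_measures, sub_measures):
    """Build 'Chapter 1' with sub-chapters 1.1, 1.2, ... (constructed sample data)."""
    subs = [Chapter(f"1.{i}", m) for i, m in enumerate(sub_measures, start=1)]
    return Chapter("1", parent_measures, subs)


# Constructed data mirroring the three scenarios in the table above.
SCENARIOS = {
    1: scenario([], [["M-1"], ["M-2"]]),  # measures only on the sub-chapters
    2: scenario(["M-1"], [[], []]),       # measure only on the super-chapter
    3: scenario([], [["M-1"], []]),       # measure on one of two sub-chapters
}

if __name__ == "__main__":
    for n, chapter in SCENARIOS.items():
        print(f"Scenario {n}: {applicability(chapter):.0f}%")
```
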

Statement of Applicability (SOA)

This report shows which chapters of the standard are "applicable" or "not applicable" in the management system. It also includes the justification for each chapter's applicability and the measures and controls associated with the chapters.

  • Donut charts show the number and status of assigned measures & controls. The total number of chapters in the evaluation corresponds to the number of chapters at the lowest level. If a measure or control has been assigned to a chapter, it is also assigned to all its sub-chapters. Thus, if a super-chapter has assigned a measure or control, it behaves in the same way as if all sub-chapters had assigned that measure or control.
  • In the donut diagrams, the scope of the standard is taken into account. If this has been restricted, chapters marked as not applicable are not taken into account. This can be canceled by activating the option "Include not applicable chapters in the statistics".

The data basis can also be restricted to an earlier analysis period. In this case, only measures and controls that already existed in the selected analysis period are taken into account.

With the option "Include mapped standard chapters", the data basis can be extended to mapped standard chapters. This means that if standard S1 has a chapter C that is mapped to standard S2 chapter C (S1.C => S2.C) and a report is generated from standard S1, the report will also include measures and controls that are mapped to standard S2 chapter C. This behavior also applies to chapters mapped from S2.C.

Measures Green = Completed measures
Orange = Suspended measures
Blue = Open measures
Measures for chapters Red = Chapter without measures
Blue = Chapter with open measures
Green = Chapter with completed measures
Controls for chapters Orange = Suspended controls to chapters
Green = Active controls to chapters
Red = Chapters without controls

Generate Statement of Applicability (SOA)

To generate an SOA, choose a standard/norm and configure the SOA via the report options. Click on the pink download button to generate the report.

Report options
Table of contents This option determines whether a table of contents is included in the report.
Statistic In the statistic, the fulfilments are determined on the basis of the total number of chapters. Only the subchapters are included in the calculation.
Example: A standard consists of one superordinate chapter and three subchapters. The calculation basis for the statistic is 3 (= total number of subchapters). The superordinate chapter is only used for structuring purposes.
Scope Determines whether the scope recorded in the standard is included in the report.
Measures and controls details Determines whether details for included measures and controls are printed in the report.
Linked documents Determines whether documents from the doc management linked with the standard or norm are printed in the report.
Include mapped standard chapters If the selected standard points to other standards, then the measures and controls that are related to that standard chapter will be taken into account when choosing this option.
Include not applicable chapters in the statistics Determines whether chapters marked as not applicable in the management system are considered in the report.
Appendix with explanations Adds an appendix with different explanatory texts.
Statement of Applicability


Management Summary

This report provides a management overview of the measures and controls assigned to a standard/norm:

  • Donut charts show the number and status of assigned measures & controls. The total number of chapters in the evaluation corresponds to the number of chapters at the lowest level. If a measure or control has been assigned to a chapter, it is also assigned to all its sub-chapters. Thus, if a super-chapter has assigned a measure or control, it behaves in the same way as if all sub-chapters had assigned that measure or control.
  • A bar chart shows the number of measures & controls by main chapters. The number is the sum of the measures or controls assigned to the main chapter and each sub-chapter below it. A measure or control assigned several times is only counted once per main chapter.
  • The report takes into account the scope of the standard. If the scope is limited, chapters marked as not applicable are not taken into account. This can be canceled by activating the option "Include not applicable chapters in the statistics".

    The data basis can also be restricted to an earlier analysis period. In this case, only measures and controls that already existed in the selected analysis period are taken into account.

Example report: Management Summary

Generate Management Summary

To generate a management summary, choose a standard/norm and configure the management summary via the report options. Click on the pink download button to generate the report.

Report options
Selection of the target score For reports including review questions, this option determines when they are counted as a gap. If the answer is below the set value, it is a gap.
Statistic In the statistic, the fulfilments are determined on the basis of the total number of chapters. Only the subchapters are included in the calculation.
Example: A standard consists of one superordinate chapter and three subchapters. The calculation basis for the statistic is 3 (= total number of subchapters). The superordinate chapter is only used for structuring purposes.
Measures and controls details Determines whether details for included measures and controls are printed in the report.
Include mapped standard chapters If the selected standard/norm refers to other standards/norms via mappings, the review questions and results linked with those chapters can be included in the report with this option.
Include not applicable chapters in the statistics Determines whether chapters marked as not applicable in the management system are considered in the report.
Appendix with explanations Adds an appendix with different explanatory texts.
Management Summary


Structural analysis

Reports on RTO and RPO fulfilment can be generated here. You can find more information on RTO and RPO under "Risk management → Structural analysis".

Select RTO or RPO report


RTO-Fulfillment

This report shows whether or not the requirements derived from the various protection needs analyses (PNAs) for the resources can be met in terms of the maximum justifiable recovery time in each case.

The report can be generated without restriction to a resource. Then it is shown how well the requirements derived from all PNAs are met for all involved resources with regard to the maximum justifiable recovery time.

If the report is restricted to a resource (e.g., a specific hardware component), only resources that require this resource (e.g., specific applications and databases) to be able to work functionally are included in the evaluation. Only PNAs that define requirements for these resources are then considered.

Generate RTO-Fulfillment report

To generate an RTO fulfillment report, click the pink download button.

Report options
Table of contents This option determines whether a table of contents is included in the report.
Statistic Determines whether a statistic with graphics on the degree of fulfillment and coverage is included.
Fulfilled requirements Determines whether identified fulfilled requirements are included.
Not fulfilled requirements Determines whether identified not fulfilled requirements are included.
Resources with defined information Determines whether resources with defined information are included.
Resources with undefined/irrelevant information Determines whether resources with undefined or irrelevant information are included.
Appendix with explanations Adds an appendix with different explanatory texts.
Create RTO report


RPO-Fulfillment

This report shows whether the requirements derived from the various protection needs assessments (PNAs) for the resources in terms of maximum acceptable data loss can be met in each case or not.

The report can be generated without restriction to a resource. Then it is shown how well the requirements derived from all PNAs are met for all involved resources with regard to the maximum acceptable data loss.

If the report is restricted to one resource (e.g., a specific hardware component), only resources that require this resource (e.g., specific applications and databases) to be able to work functionally are included in the evaluation. Only PNAs that define requirements for these resources are then considered.

Generate RPO-Fulfillment report

To generate an RPO fulfillment report, click the pink download button.

Report options
Table of contents This option determines whether a table of contents is included in the report.
Statistic Determines whether a statistic with graphics on the degree of fulfillment and coverage is included.
Fulfilled requirements Determines whether identified fulfilled requirements are included.
Not fulfilled requirements Determines whether identified not fulfilled requirements are included.
Resources with defined information Determines whether resources with defined information are included.
Resources with undefined/irrelevant information Determines whether resources with undefined or irrelevant information are included.
Appendix with explanations Adds an appendix with different explanatory texts.
Create RPO report