Menü aufrufen
Toggle preferences menu
Persönliches Menü aufrufen
Nicht angemeldet
Ihre IP-Adresse wird öffentlich sichtbar sein, wenn Sie Änderungen vornehmen.

Managementsysteme/en: Unterschied zwischen den Versionen

Aus HITGuard User Guide
Faha (Diskussion | Beiträge)
Die Seite wurde neu angelegt: „'''What is a management system?'''<br> :A management system is a content-related combination of, for example, findings, progress reports and controls (in Measu…“
Isan (Diskussion | Beiträge)
Keine Bearbeitungszusammenfassung
 
(144 dazwischenliegende Versionen von 4 Benutzern werden nicht angezeigt)
Zeile 1: Zeile 1:
<span id="managementsystem"></span>
<span id="managementsystem"></span>


Administrators and Experts can create, edit and manage management systems via "Administration → Management systems".<br>Experts can only edit the management systems for which they are responsible.
[[Datei:Managementsysteme Übersicht.png|right|thumb|750px|Management systems overview]]
 
Administrators and Experts can create, edit, and manage management systems via "Administration → Management systems". Experts can only edit the management systems for which they are responsible.


'''What is a management system?'''<br>
'''What is a management system?'''<br>
:A management system is a content-related combination of, for example, findings, progress reports and controls (in Measures and Controls) or audit programmes (in the Risk management).
:A management system is a contentwise bundling of elements, meaning measures and progress reports, controls, determinations and gaps, audits and reviews, etc.


:Dabei werden die Elemente zu einem Team an verantwortlichen Experts und Professionals im Sinne der Überwachung bzw. des Workflow-Handlings zugewiesen (z.B. Information Security Management-Team oder Datenschutz-Team). Auf der anderen Seite werden alle darin verwalteten Elemente, im Sinne der Analysezeiträume, historisiert und dadurch auch vergleichbar gemacht.
:The elements are assigned to a team of responsible experts and professionals in terms of monitoring and workflow handling (e.g. information security management team or data protection team). Also, all elements managed in it are historized in terms of analysis periods and thus made comparable.


<div class="mw-translate-fuzzy">
'''What purpose do management systems serve?'''<br>
'''What purpose do management systems have?'''<br>
:Management systems have two central functions:
:Management systems have two central functions:
:# They serve to assign measures, controls, risk identifications, etc. from selected departments to subject areas and to define responsible experts who, for example, supervise the progress of the measures.<br>Example:  
:# They serve to assign measures, controls, risk identifications, etc. from selected departments to subject areas and to define responsible experts who, for example, supervise the progress of the measures.<br>Example:  
:#* ISM Reporting: Measures from the Information Security Management Audits are managed by Ms. Moser
:#* Information security management Reporting: Measures from the Information Security Management Audits are managed by Ms. XY
:#* QM Reporting: Measures from the Quality Management Management Audits are handled by Mr. Mustermann.<br>
:#* Qality management Reporting: Measures from the Quality Management Management Audits are handled by Mr. Mustermann.<br>
:# They are used to assign the feedback from the progress evaluations of the various tasks to time periods and to analyze the corresponding key figures and trends.<br>Example:
:# They are used to assign the feedback from the progress evaluations of the various tasks to time periods and to analyze the corresponding key figures and trends.<br>Example:
:#* Mr. Mustermann collects progress data on 10 departments every six months.
:#* Mr. Mustermann collects progress data on ten departments every six months.
:#* Ms. Moser collects progress data of 2 divisions quarterly.
:#* Ms. XY collects progress data of two divisions quarterly.
</div>


<div class="mw-translate-fuzzy">
:That means:
:That means:
:*Measures to deal with risks can be implemented by employees from different areas of responsibility.<br>Experts from the individual management systems can continuously monitor the progress of the measure developments and report periodically over several analysis periods.
:*Measures to deal with risks can be implemented by employees from different areas of responsibility. Experts from the individual management systems can continuously monitor the progress of the measure developments and report periodically over several analysis periods.  
</div>


<div class="mw-translate-fuzzy">
:*In addition to the measures, controls can also be created for further risk monitoring to ensure the effectiveness and sustainability of implemented measures. Controls are assigned to the employees of the respective area of responsibility, which are reminded of the execution of the control at predefined intervals. The execution of these - if necessary with indication of evidence - is documented in a comprehensible manner.
:*In addition to the measures, controls can also be created for further risk monitoring to ensure the effectiveness and sustainability of implemented measures.<br>Controls are assigned to the employees of the respective area of responsibility, which are reminded of the execution of the control at predefined intervals.<br>The execution of these - if necessary with indication of evidence - can be documented in a comprehensible manner.
</div>


<div class="mw-translate-fuzzy">
'''Deleting a management system:'''
'''Deleting a management system:'''
*The deletion of a management system can only be performed by the responsible expert.
*The deletion of a management system can only be performed by the responsible expert.
*The deletion of management systems is only possible as long as no analysis periods are included.
*The deletion of management systems is only possible as long as no active analysis periods are included.
</div>
 
<b>Licenses:</b>
 
The overview shows how many licenses are currently available and how many are in use. This makes it possible to see at a glance whether one is underlicensed or still has licenses for additional management systems. More information about the licenses can be found under [[Special:MyLanguage/Lizenzierung| "Administration → Licensing"]].
 
<span id="Stammdaten"></span>
== <span id="stam"></span> Master data ==
 
A management system is configured in the master data. The settings made here affect the measures and reports to be created.<br>
 
[[Datei:Stammdaten bearbeiten.PNG|right|thumb|701px|Edit master data]]
 
<span id="Stammdaten_bearbeiten"></span>
=== Edit master data ===
 
Here, the name, the responsible person(s) and the team members for a management system are defined and entered.<p>Every management system can have one or more experts or teams made up of experts be responsible. The members of the management system team must be experts, professionals, or observers.<br>Management systems can only be edited by the responsible person(s) or the administrators once they have been created.
 
<b>Evaluation schema</b>
Evaluation schemas are a way to evaluate reviews according to a different schema, like the target maturity schema.
 
Possible evaluation schemes are:
* Yes/No/Partial
* CMMI process model
* Grade system (1-4)
 
The third option is not available for selection by default. To get this option for selection, contact our team.
 
<span id="Einstellungen_zum_Managementsystem"></span>
===<span id="general_settings"> Management system settings===
 
[[Datei:MMS_Einstellungen.png|right|thumb|701px|Management system settings]]
 
If protection targets are activated here, they are activated by default in the risk policy of risk management. This in turn has an impact on risk assessments and analyses. These protection targets can then be used within the management system. Protection targets can be managed and created by experts under "Risk Management → Risk Policy". (See
[[Special:MyLanguage/Risikopolitik#protar|protection targets]])<br>
 
The standards and norms that are to be used in this management system can be configured here.


<div class="mw-translate-fuzzy">
Standards that are not selected here are visible in existing mappings, but can no longer be selected or changed in this management system. They are also not considered when further mapped norm chapters are included in reports (e.g., Compliance report by Standard or Norm).
== Master data: ==
</div>


<div class="mw-translate-fuzzy">
For example, if the standard "GDPR" is not selected, it cannot be selected for the evaluation of the compliance spider in the risk management dashboard according to "GDPR".
A management system is created in the master data.<br>
The settings made here affect the measures and reports to be created.<br>
</div>


<div class="mw-translate-fuzzy">
* Data protection add-on:
:<u>Edit Master Data:</u><br>
::This activates the Data Protection module for this management system. Data protection experts, professionals and observers can then create and manage data protection, processing activities, data protection impact assessments and more via the Data Protection menu item.
:*Here the name, the person responsible and the team members for a management system are assigned.<br>There can only be one responsible person per management system.<br>Management systems may only be edited by the responsible person or the administrators after they have been created.
* Case management add-on:
</div>
::Specifies whether this management system should be used to report incidents. This makes the Case Management menu item visible to users authorized for case management.
* Audit management add-on:
::Specifies whether this management system should be used to manage audits and audit programs. This makes the Audit management menu item visible to users authorized for audit management.


::[[Datei:Stammdaten bearbeiten.PNG|left|thumb|800px|Stammdaten bearbeiten]]<br clear=all>
[[Datei:ManSys Email Einstellungen.PNG|right|thumb|700px|E-mail settings]]


<div class="mw-translate-fuzzy">
<span id="E-Mail_Einstellungen"></span>
:<u>Email Settings:</u><br>
=== <span id="masy_email"></span>E-mail settings===
:* If an email is entered here, then all reminders sent by this management system will be sent via this email.<br>If no email is configured here, all emails will be sent from the email address specified in the global settings.(see [[Special:MyLanguage/Globale Einstellungen#Email Einstellungen|Global Email]])
</div>


::[[Datei:ManSys Email Einstellungen.PNG|left|thumb|800px|Email Einstellungen]]<br clear=all>
*If an e-mail setting is configured here, then all reminders that originate from this management system will be sent via this e-mail address. If you do not use an e-mail account of your own but the one provided by TogetherSecure, the sender address needs to end in @hitguard.at.
*If no e-mail setting is configured here, then all e-mails will be sent from that address that is stored in the global settings.(see [[Special:MyLanguage/Globale Einstellungen#Email Einstellungen|Global e-mail settings]])


<div class="mw-translate-fuzzy">
[[Datei:Intervallschema definieren.PNG|right|thumb|800px|Define interval schema]]
:<u>Define Interval Schema:</u><br>
::The interval schema determines how analysis periods are created. <br>Analysis periods can be:
::*created manually (from-to date during creation)
::*configured in advance (e.g. dividing the year into 3 analysis periods starting with 1.2.2017 => 1.2.-31.5.2017; 1.6. - 30.09.2017; 1.10.-31.1.2018)
</div>


::[[Datei:Intervallschema definieren.PNG|left|thumb|800px|Intervallschema definieren]]<br clear=all>
<span id="Intervallschema_definieren"></span>
=== <span id="int"></span>Define interval schema ===


<div class="mw-translate-fuzzy">
The interval schema is used to define whether analysis periods should follow a predefined rhythm.<br>Analysis periods can be:
:<u>Optional measure properties</u><br>
*Manually set: Here, the time restriction is defined manually with a from-to date. This is set individually for each period.
::These properties have an effect on the creation of measures in their respective management systems.<br>
*Start date plus interval: Here, a year is divided into three analysis periods. For example, starting with 2/1 to 5/31/2021; 6/1 to 9/30/2021 and 10/1 to 1/31/2022.
::*see [[$A_GE_opma|Optional measure properties]]
::[[Datei:Optionale Maßnahmeneigenschaften.PNG|left|thumb|400px|Optional measure properties]]<br clear=all>
</div>


::*Der Rest der Eigenschaften wird unter [[Special:MyLanguage/Globale Einstellungen#glop_opme|Optionale Maßnahmeneigenschaften]] näher beschrieben.
<span id="Erinnerungen_via_Email"></span>
::[[Datei:Optionale Maßnahmeneigenschaften.PNG|left|thumb|500px|Optionale Maßnahmeneigenschaften]]<br clear=all>
=== Reminders via e-mail ===


<div class="mw-translate-fuzzy">
The current setting for progress message reminders is displayed here. This setting ensures that an implementer of a task is reminded of its implementation via e-mail before the period expires.
:<u>Used protection targets</u><br>
::If protection targets are activated here, then they are activated by default in the risk policy of the Security Assessor.<br>This in turn affects risk assessments and analyses.<br>Protection targets can be managed and created by experts under "Security Assessor ==> Risk Policy".(see [[Special:MyLanguage/Risikopolitik#protar|Protection Targets]])<br>
::Only the basic protection objectives (according to ISO 27001, ISO 80001):
::*Privacy
::*Availability
::*Integrity
::cannot be deleted.
::[[Datei:Verwendete Schutzziele.PNG|left|thumb|400px|Used protection targets]]<br clear=all>
</div>


::[[Datei:Verwendete Schutzziele.PNG|left|thumb|500px|Verwendete Schutzziele.PNG]]<br clear=all>
This setting must be made directly in the database!


:<u>Allgemeine Einstellungen:</u><br>
If you want to change this setting, please contact our team.
:: Data Protector:
:::Legt fest ob der Data Protector (Datenschutz) für dieses Managementsystem verwendet wird.


<div class="mw-translate-fuzzy">
<span id="Analysezeitraum_und_Historie"></span>
== Analysis period and History: ==
== <span id="analyses_historie"></span> Analysis period and history: ==  
</div>


[[Datei:Aktiver Analysezeitraum.PNG|right|thumb|700px|Active analysis period]]


=== Zweck ===
<span id="Zweck"></span>
=== Purpose ===


<div class="mw-translate-fuzzy">
Analysis periods are used in risk management, measures and control administration, or data protection to assign results to individual periods and thus make them evaluable and comparable. This makes it possible to track and analyze the progress of measures over several periods.
Analysis periods are used in the Security Assessor and the Progress Monitor to assign results to individual periods and thus make them evaluable and comparable.<br>Analysis periods can be created in two different ways.(see Define Interval Schema)
Depending on whether they were created manually or automatically, the responsible expert is requested to transfer the uncompleted tasks to the subsequent analysis period on the relevant key date.
</div>


In einem Managementsystem werden innerhalb eines Analysezeitraums Maßnahmen festgestellt, bearbeitet und auch umgesetzt.  
In a management system, measures, for example, are determined, processed and also implemented within an analysis period.  


Für diese Maßnahmen können jederzeit [[Special:MyLanguage/Fortschrittsmeldungen| Fortschrittsmeldungen]] angefordert werden.
For these measures, [[Special:MyLanguage/Fortschrittsmeldungen|progress reports]] can be requested at any time.


Am Ende eines Analysezeitraums, muss für jede aktive Maßnahme mind. eine Fortschrittsmeldung vorhanden sein. Erst dann kann der Analysezeitraum auch in den nächsten überführt werden. Der Verantwortliche wird also vor Redaktionsschluss, via Email, aufgefordert Fortschrittsmeldungen zu den aktiven Maßnahmen einzuholen.  
At the end of an analysis period, at least one progress message must exist for each active measure. Only then can the analysis period be transferred to the next analysis period. Before the editorial deadline, the person responsible is therefore requested via e-mail to obtain progress reports for the active measures.  


Wurden alle Fortschrittsmeldungen akzeptiert, kann der Analysezeitraum anschließend überführt werden und der Ablauf beginnt von vorne.  
If all progress messages have been accepted, the analysis period can then be carried over and the process starts again.  


Durch Gegenüberstellung der Analysezeiträume am Maßnahmen Dashboard, ist es möglich, den Fortschritt von Maßnahmen nachzuverfolgen.
By comparing the analysis periods on the dashboard, it is possible to track the progress of measures.


Analysezeiträume können auf zwei unterschiedliche weisen angelegt werden.(siehe [[#int|Intervallschema definieren]])
Analysis periods can be created in two different ways. (see [[#int|Define interval scheme]])


<div class="mw-translate-fuzzy">
<span id="Aktiver_Analysezeitraum"></span>
'''Active analysis period:'''
=== <span id="Aktiver Analysezeitraum"></span> Active analysis period ===
</div>


[[Datei:Aktiver Analysezeitraum.PNG|left|thumb|800px|Aktiver Analysezeitraum]]<br clear=all>
:<u>Begin and end:</u><br>
:*An analysis period can be as short or as long as the organization requires. In principle, the begin and end date can be on the same day; however, the begin date must not be after the end.


<div class="mw-translate-fuzzy">
:<u>Editorial deadline::</u><br>
:<u>Editorial deadline::</u><br>
:*Relevant for the Progress Monitor.<br>The date by which all progress reports on all measures in an analysis period should be completed.<br>Progress reports can also be requested manually at any time via "Progress Monitor ==> Progress reports".
:*Relevant for the the measures and control management. The date by which all progress reports for the measures in an analysis period should be completed. Progress reports can also be requested manually at any time via "Measures → Progress reports". This date must be set before or on the date of the analysis period end.
</div>
 
:<u>Target score:</u><br>
:*The target score describes the target status for all gap analyses. If you are below a target score in an analysis, the answered review question is recognized as a gap. The identified gaps should be assigned risks in the next step and treated by measures and controls. If the evaluation schema is changed, the target score needs to be adapted.
 
:<u>Included OrgUnits:</u><br>
:*Organizational units are required to report in the analysis periods to which they are assigned. This means, they must submit progress reports on the measures assigned to them by the editorial deadline. An organizational unit can also report simultaneously in several management systems or analysis periods.
:* If new organizational units are created during an analysis period, they are automatically added to the analysis period if their parent organizational unit is assigned to that analysis period. However, if the organizational unit does not have a parent organizational unit assigned to this analysis period, then it must be added manually.
 
:<u>Transfer to subsequent analysis period:</u><br>
:*When transferring an analysis period to the next one in connection with the measure and control management, all tasks that do not have the status "completed" are transferred to the new analysis period and adapted according to the respective status. The completed measures will of course not be followed up in the next period.
 
=== Delete an analysis period ===
*The deletion of an analysis period can only be triggered by the responsible expert.
*The deletion of analysis periods is only supported as long as no progress reports have been created.
*Only the current period to analyze can be deleted at any one time; completed periods can no longer be deleted.
 


:<u>Zielreifegrad:</u><br>
[[Datei:Managementsysteme Historie.png|right|thumb|700px|History]]
:*Der Zielreifegrad beschreibt den Zielzustand für alle Abweichungsanalysen.<br>Wenn Sie bei einer Analyse unter einem Zielreifegrad liegen wird die beantwortete Prüffrage als Abweichung erkannt.<br>Die identifizierten Abweichungen sollten im nächsten Schritt Risiken zugeteilt und durch Maßnahmen und Kontrollen behandelt werden.


:<u>Enthaltene OrgEhs:</u><br>
===Past analysis periods===
:*Organisationseinheiten sind in den Analysezeiträumen denen sie zugeteilt sind berichtspflichtig.<br>D.h. sie müssen zum Redaktionsschluß Fortschrittsmeldungen über die ihnen zugeteilten Maßnahmen abgeben.<br>Eine Organisationseinheit kann zeitgleich auch in mehreren Managementsystemen bzw. Analysezeiträume berichten.
*The history lists the analysis periods which have already been completed with start, end and editorial deadline.
<br><br><br><br><br><br><br><br>


:<u>In Nachfolge-Analysezeitraum überführen:</u><br>
<span id="Kürzel_Generierung"></span>
:*Beim Überführen eines Analysezeitraums in den nächsten werden, im Zusammenhang mit der Maßnahmen und Kontrollverwaltung,<br>alle nicht auf Status „erledigt“ befindlichen Maßnahmen in den neuen Analysezeitraum überführt und dem jeweiligen Status entsprechend adabtiert.<br>Die erledigten Maßnahmen werden im nächsten Zeitraum natürlich nicht mehr weiterverfolgt.
==Code generation==


=== Löschen eines Analysezeitraums ===
[[Datei:MMS_Kürzel.png|thumb|right|700px]]
*Das Löschen eines Analysezeitraums kann nur vom verantwortlichen Expert ausgelöst werden.
*Es wird das Löschen von Analysezeiträumen nur dann unterstützt, solange noch keine Fortschrittsmeldungen erstellt wurden.
*Es kann immer nur der aktuelle Analysezeitraum gelöscht werden, abgeschlossene nicht mehr.


Here you can set the default of whether an automatic code should be created for any new elemtents, and for which ones. The structure of the code can also be configured here. Upon creation of a management system, the configuration is taken automatically from the global settings, but it can be changed and adapted here at any time.


=== Historie ===
*The general prefix is used at the beginning of the code for all selected elements.
*In der Historie werden die Analysezeiträume welche schon abgeschlossen wurden mit Beginn, Ende und Redaktionsschluß aufgelistet.
*The first column allows you to select all elements that are to be generated with an automatic code.
[[Datei:Managementsysteme Historie.png|left|thumb|900px|Aktiver Analysezeitraum]]<br clear=all>
*Prefix: a string of letters, digits, or special characters that clearly labels the element (e.g., M for measure). The default entry can be changed.
*OrgUnits abbr.: decides whether the element's code also includes the code of the organizational unit. Elements that aren't directly associated with any organizational unit do not have this option activated (e.g., hazard situations or processes).
*OrgUnit abbr. suffix: a delimiter between the OrgUnit code and the final digit string (e.g., _ or -).
*Minimum precision: the minimum number of digits to be included in the resulting string. At least 1 and at most 10 can be entered. With a number of 4, the resulting strings would be, for example, 0001, 0026, or 0184.

Aktuelle Version vom 29. Juli 2024, 10:30 Uhr

Management systems overview

Administrators and Experts can create, edit, and manage management systems via "Administration → Management systems". Experts can only edit the management systems for which they are responsible.

What is a management system?

A management system is a contentwise bundling of elements, meaning measures and progress reports, controls, determinations and gaps, audits and reviews, etc.
The elements are assigned to a team of responsible experts and professionals in terms of monitoring and workflow handling (e.g. information security management team or data protection team). Also, all elements managed in it are historized in terms of analysis periods and thus made comparable.

What purpose do management systems serve?

Management systems have two central functions:
  1. They serve to assign measures, controls, risk identifications, etc. from selected departments to subject areas and to define responsible experts who, for example, supervise the progress of the measures.
    Example:
    • Information security management Reporting: Measures from the Information Security Management Audits are managed by Ms. XY
    • Qality management Reporting: Measures from the Quality Management Management Audits are handled by Mr. Mustermann.
  2. They are used to assign the feedback from the progress evaluations of the various tasks to time periods and to analyze the corresponding key figures and trends.
    Example:
    • Mr. Mustermann collects progress data on ten departments every six months.
    • Ms. XY collects progress data of two divisions quarterly.
That means:
  • Measures to deal with risks can be implemented by employees from different areas of responsibility. Experts from the individual management systems can continuously monitor the progress of the measure developments and report periodically over several analysis periods.
  • In addition to the measures, controls can also be created for further risk monitoring to ensure the effectiveness and sustainability of implemented measures. Controls are assigned to the employees of the respective area of responsibility, which are reminded of the execution of the control at predefined intervals. The execution of these - if necessary with indication of evidence - is documented in a comprehensible manner.

Deleting a management system:

  • The deletion of a management system can only be performed by the responsible expert.
  • The deletion of management systems is only possible as long as no active analysis periods are included.

Licenses:

The overview shows how many licenses are currently available and how many are in use. This makes it possible to see at a glance whether one is underlicensed or still has licenses for additional management systems. More information about the licenses can be found under "Administration → Licensing".

Master data

A management system is configured in the master data. The settings made here affect the measures and reports to be created.

Edit master data

Edit master data

Here, the name, the responsible person(s) and the team members for a management system are defined and entered.

Every management system can have one or more experts or teams made up of experts be responsible. The members of the management system team must be experts, professionals, or observers.
Management systems can only be edited by the responsible person(s) or the administrators once they have been created. Evaluation schema Evaluation schemas are a way to evaluate reviews according to a different schema, like the target maturity schema. Possible evaluation schemes are:

  • Yes/No/Partial
  • CMMI process model
  • Grade system (1-4)

The third option is not available for selection by default. To get this option for selection, contact our team.

Management system settings

Management system settings

If protection targets are activated here, they are activated by default in the risk policy of risk management. This in turn has an impact on risk assessments and analyses. These protection targets can then be used within the management system. Protection targets can be managed and created by experts under "Risk Management → Risk Policy". (See protection targets)

The standards and norms that are to be used in this management system can be configured here.

Standards that are not selected here are visible in existing mappings, but can no longer be selected or changed in this management system. They are also not considered when further mapped norm chapters are included in reports (e.g., Compliance report by Standard or Norm).

For example, if the standard "GDPR" is not selected, it cannot be selected for the evaluation of the compliance spider in the risk management dashboard according to "GDPR".

  • Data protection add-on:
This activates the Data Protection module for this management system. Data protection experts, professionals and observers can then create and manage data protection, processing activities, data protection impact assessments and more via the Data Protection menu item.
  • Case management add-on:
Specifies whether this management system should be used to report incidents. This makes the Case Management menu item visible to users authorized for case management.
  • Audit management add-on:
Specifies whether this management system should be used to manage audits and audit programs. This makes the Audit management menu item visible to users authorized for audit management.
E-mail settings

E-mail settings

  • If an e-mail setting is configured here, then all reminders that originate from this management system will be sent via this e-mail address. If you do not use an e-mail account of your own but the one provided by TogetherSecure, the sender address needs to end in @hitguard.at.
  • If no e-mail setting is configured here, then all e-mails will be sent from that address that is stored in the global settings.(see Global e-mail settings)
Define interval schema

Define interval schema

The interval schema is used to define whether analysis periods should follow a predefined rhythm.
Analysis periods can be:

  • Manually set: Here, the time restriction is defined manually with a from-to date. This is set individually for each period.
  • Start date plus interval: Here, a year is divided into three analysis periods. For example, starting with 2/1 to 5/31/2021; 6/1 to 9/30/2021 and 10/1 to 1/31/2022.

Reminders via e-mail

The current setting for progress message reminders is displayed here. This setting ensures that an implementer of a task is reminded of its implementation via e-mail before the period expires.

This setting must be made directly in the database!

If you want to change this setting, please contact our team.

Analysis period and history:

Active analysis period

Purpose

Analysis periods are used in risk management, measures and control administration, or data protection to assign results to individual periods and thus make them evaluable and comparable. This makes it possible to track and analyze the progress of measures over several periods.

In a management system, measures, for example, are determined, processed and also implemented within an analysis period.

For these measures, progress reports can be requested at any time.

At the end of an analysis period, at least one progress message must exist for each active measure. Only then can the analysis period be transferred to the next analysis period. Before the editorial deadline, the person responsible is therefore requested via e-mail to obtain progress reports for the active measures.

If all progress messages have been accepted, the analysis period can then be carried over and the process starts again.

By comparing the analysis periods on the dashboard, it is possible to track the progress of measures.

Analysis periods can be created in two different ways. (see Define interval scheme)

Active analysis period

Begin and end:
  • An analysis period can be as short or as long as the organization requires. In principle, the begin and end date can be on the same day; however, the begin date must not be after the end.
Editorial deadline::
  • Relevant for the the measures and control management. The date by which all progress reports for the measures in an analysis period should be completed. Progress reports can also be requested manually at any time via "Measures → Progress reports". This date must be set before or on the date of the analysis period end.
Target score:
  • The target score describes the target status for all gap analyses. If you are below a target score in an analysis, the answered review question is recognized as a gap. The identified gaps should be assigned risks in the next step and treated by measures and controls. If the evaluation schema is changed, the target score needs to be adapted.
Included OrgUnits:
  • Organizational units are required to report in the analysis periods to which they are assigned. This means, they must submit progress reports on the measures assigned to them by the editorial deadline. An organizational unit can also report simultaneously in several management systems or analysis periods.
  • If new organizational units are created during an analysis period, they are automatically added to the analysis period if their parent organizational unit is assigned to that analysis period. However, if the organizational unit does not have a parent organizational unit assigned to this analysis period, then it must be added manually.
Transfer to subsequent analysis period:
  • When transferring an analysis period to the next one in connection with the measure and control management, all tasks that do not have the status "completed" are transferred to the new analysis period and adapted according to the respective status. The completed measures will of course not be followed up in the next period.

Delete an analysis period

  • The deletion of an analysis period can only be triggered by the responsible expert.
  • The deletion of analysis periods is only supported as long as no progress reports have been created.
  • Only the current period to analyze can be deleted at any one time; completed periods can no longer be deleted.


History

Past analysis periods

  • The history lists the analysis periods which have already been completed with start, end and editorial deadline.









Code generation

Here you can set the default of whether an automatic code should be created for any new elemtents, and for which ones. The structure of the code can also be configured here. Upon creation of a management system, the configuration is taken automatically from the global settings, but it can be changed and adapted here at any time.

  • The general prefix is used at the beginning of the code for all selected elements.
  • The first column allows you to select all elements that are to be generated with an automatic code.
  • Prefix: a string of letters, digits, or special characters that clearly labels the element (e.g., M for measure). The default entry can be changed.
  • OrgUnits abbr.: decides whether the element's code also includes the code of the organizational unit. Elements that aren't directly associated with any organizational unit do not have this option activated (e.g., hazard situations or processes).
  • OrgUnit abbr. suffix: a delimiter between the OrgUnit code and the final digit string (e.g., _ or -).
  • Minimum precision: the minimum number of digits to be included in the resulting string. At least 1 and at most 10 can be entered. With a number of 4, the resulting strings would be, for example, 0001, 0026, or 0184.