Suche aufrufen
Menü aufrufen
47
1.3K
10
34.8K
HITGuard User Guide
Toggle preferences menu
Persönliches Menü aufrufen
Nicht angemeldet
Ihre IP-Adresse wird öffentlich sichtbar sein, wenn Sie Änderungen vornehmen.

Berichte für das Risikomanagement/en: Unterschied zwischen den Versionen

Aus HITGuard User Guide
Weitere Optionen
VisuellWikitext
Sala (Diskussion | Beiträge)
Administratoren, translater, tsuser
2.579 Bearbeitungen
Die Seite wurde neu angelegt: „Reports for risk management“
 
Isan (Diskussion | Beiträge)
Administratoren, translater, tsuser
10.680 Bearbeitungen
Keine Bearbeitungszusammenfassung
 
(398 dazwischenliegende Versionen von 4 Benutzern werden nicht angezeigt)
Zeile 1: Zeile 1:


Berichte für das Risikomanagement können nur von Experten generiert werden!
HITGuard offers the possibility of generating various risk management reports under "Risk management → Reports".


<b>Sprachen:</b><br>
[[Datei:RM Berichtauswahl allgemein.png|left|thumb|900px|Report selection]]<br clear=all>
Wissensdatenbanken können durch hinterlegte Übersetzungen für verwendete Wissensdatenbanken in verschiedenen Sprachen vorliegen. Um z.B. einen Bericht mit den englischen Texten zu generieren, muss über das Flaggen-Icon rechts oben am Bildschirm, neben dem Abmelde-Button, die Sprache gewechselt werden. Dadurch werden alle Inhalte für die Berichte in der gewünschten Sprache geladen, sofern eine Übersetzung in dieser Sprache für die Wissensdatenbank vorhanden ist.


Es werden folgende Berichte im Bereich Risikomanagement von HITGuard angeboten:
To create a report, first choose a type of report. Subsequently, choose which data to include in the report (e.g. risks or reviews). Most reports also have additional report options which allow further specification of the report's contents.</p>Knowledge bases can be made available in different languages due to stored translations for used knowledge bases. For example, to generate a report with the English texts, the language must be changed using the flag icon at the top right of the screen, next to the logout button. This will load all content for the reports in the desired language, provided that a translation in that language is available for the knowledge base.</p><b>Download options:</b><br>The reports are available for download as PDF or DOCX files. Click the pink button to generate and download a report. Then, choose whether the report should be downloaded as a PDF or DOCX.</p>Additionally, there is the option to generate and archive the reports including revision information. In doing this, the report can be viewed, generated anew, or downloaded again by an expert under "Administration → Report archive". More information about this can be found under [[Special:MyLanguage/Berichtsarchiv | "Administration → Report archive"]].</p>When generating reports with revision information in the archive, there is also the option to send the report by e-mail to various recipients right away. More information about this can be found in the report archive and under [[Special:MyLanguage/Berichtsarchiv | "Administration → Report archive"]].</p><b>Remembering report options:</b>Some of the report options can be found for various reports. For these, the selected options are remembered within the management system and for the individual user, and then also applied for other reports with that same option. For example, if the option "Table of contents" is selected, then it will already be selected when accessing any other report pages that use this option.</p><b>Licenses:</b></br>If no valid license for HITGuard is available, this will be displayed in the footer of the report! To change this, an expert or administrator has to request/upload a license under [[Special:MyLanguage/Lizenzierung | "Administration → Licensing"]].</p>The following reports are offered in the risk management section of HITGuard:


== Auditprogramm ==
== <span id="hazard_sit"></span> Risks and opportunities==
===General risk/opportunity report===
In this report, details on risks and opportunities are presented. In addition, the risks and opportunities are positioned in a risk matrix according to their criticality. The measures and controls to be taken or already taken can be displayed for the individual risks and opportunities. Furthermore, the development of the risks and opportunities over time can be displayed.</p><b>Caution:</b>Users with the Compliance Manager role will also see measures and controls from all other management systems.


In einem Auditprogramm-Bericht sind alle Audits, die dem Auditprogramm zugeteilt sind, zu sehen.  
Example risk management report: [[Media:Risikobericht ohne Maßnahmen mit Entwicklung.pdf | Risks without M/C details incl. temporal development]]


[[Media:Auditprogramm Bericht.pdf | Auditprogramm Beispiel Bericht]]
<big><b>Generate risk/opportunity report</b></big></p>
To generate a risk/opportunity report, you have to navigate to "Risk Management → Reports → Risks & opportunities → General". There you have several options to generate the report:
# '''Risks and opportunities''': You can generate a risk/opportunity report for one or more risks. However, you can only generate reports in management systems to which you are assigned.
# '''Structural elements''': You can list all the risks and opportunities assigned to the selected structural elements.
# '''Responsible person(s)''' (compliance manager only): You can generate a risk/opportunity report in which all risks and opportunities are listed for which a specific team or a person is responsible.</p>After that, just click on the pink download button to generate the report.</p>
{| class="wikitable"
! colspan="2" | <b>Report options</b>
|-
!Table of contents
|This option determines whether a table of contents is included in the report.
|-
!Gaps
|Lists all gaps linked with the risk/opportunity.
|-
!Measures
|Dictates whether open AND/OR suspended AND/OR completed measures are printed.<br><br>Determines whether the progress overview AND/OR progress protocol AND/OR remarks are printed for the measures.
|-
!Controls
|Dictates whether active AND/OR suspended AND/OR deactivated controls are printed.<br><br>Determines whether the statistic AND/OR execution protocol AND/OR remarks are printed for the controls. Determines control executions of which status are included in the execution protocol.
|-
!Temporal development
|Lists the entries of the temporal development of the risk/opportunity in a chapter of their own.
|-
!Appendix with explanations
|Adds an appendix with various explanatory texts to the report.
|-
|}
[[Datei:RM Gefährdungslage Bericht erstellen.png|left|thumb|900px|Generate risk/opportunity report]]
<br clear=all>
 
===Gross-net report===
This report lists details about the development of a risk or opportunity. The focus of the report, therefore, lies on the aspect of the gross-net-risk/opportunity, which is managed with measures and controls. All to-be-implemented as well as already implemented measures and controls are listed for the individual risks or opportunities. The gross risk/opportunity as well as the possible net scenarios can be displayed separately. If desired, the development over time of the risk/opportunity can also be displayed.</p><b>Caution:</b> The measures and controls from other management systems are only visible for users with the role "Compliance manager".
 
Example gross-net-risk report: [[Media:Brutto-Netto-Risikobericht.pdf | Gross and net risk with matrices, no details for M/C]]
 
<big><b>Create gross-net report</b></big></p>To generate a gross-net report, you have to navigate to "Risk Management → Reports → Risks & opportunities → Gross-net". There you can generate the report for a selected risk or opportunity with different characteristics. Reports can only be created for risks or opportunities in management systems one is authorized for. (The exception are compliance managers, who can generate reports for all risks and opportunities in all management systems.)</p>Click the pink download button to generate the report.
{| class="wikitable"
! colspan="2" | <b>Report options</b>
|-
!Table of contents
|This option determines whether a table of contents is included in the report.
|-
!Treatment of the current risk/opportunity
|Determines whether the measures and controls for the treatment of the current risk/opportunity are included in the report.
|-
!Gross risk/opportunity
|Determines whether the evaluation of the gross risk/opportunity is included in the report.
|-
!Treatment of the gross risk/opportunity
|Determines whether the measures and controls for the treatment of the gross risk/opportunity are included in the report.
|-
!Ability to control
|Determines whether the ability to control of the already implemented sets of measures and controls are included int he report.
|-
!Net risk/opportunity
|Determines whether the evaluation of the net risk/opportunity is included in the report.
|-
!Best case AND/OR Most likely case AND/OR Worst case
|Determines whether and which scenarios of the net risk/opportunity are included in the report.
|-
!Matrices
|Determines whether, in addition to textual information, the evaluation of the gross risk/opportunity and the scenarios of the net risk/opportunity are included in the report as images.
|-
!Measures
|Determines for the measures whether the progress overview AND/OR the progress protocol AND/OR remarks are included in the report.
|-
!Controls
|Determines for the controls whether the statistic AND/OR the execution protocol AND/OR remarks are included in the report. Determines as well whether irrelevant control executions are to be considered in the report.
|-
!Time evolution
|Lists the entries of the risk/opportunity's time evolution in a separate chapter.
|-
!Appendix with explanations
|Adds an apendix with different explanatory texts.
|-
|}
[[Datei:Berichtseite BNR.png|left|thumb|900px|Create gross-net-risk report]]<br clear=all>
 
==ESG==
Reports on fields of action can be created here. In addition to the fields of action, detailed information on the risks, opportunities and effects of the fields of action is also printed. The report can be configured with a variety of reporting options so that risks, opportunities and impacts are presented according to your needs.
<big><b>Create ESG report</b></big></p>To create an ESG report navigate to "Risk management → Reports → ESG". Then, choose the topic followed by the fields of action for which you want to generate a report, and configure it via the report options.</p>To generate the report click the pink download button.
{| class="wikitable"
! colspan="2" | <b>Report options</b>
|-
!Table of contents
|This option determines whether a table of contents is included in the report.
|-
!Fields of action without score
|If this option is selected, fields of action that do not have a score are printed in the report. Otherwise, the report only contains fields of action that have a gross and/or net score.
|-
!Tabular description
|If this option is selected, all fields of action are additionally printed in the form of a table at the beginning of the report. This is to give an overview of all fields of action selected from the list.
|-
!Content from underlying fields of action
|With this you determine whether linked risks, opportunities, and impacts from lower levels of the hierarchy are printed with fields of action from higher levels of the hierarchy.
|-
!Non-material fields of action
|If this option is selected, non-material fields of action can be included in the report.<br><br>Whether a field of action is seen as material or not is configured under "Risk management > Settings".<br><u>Example</u>: If the threshold for the financial materiality is set as 15, a field of action must have a financial materiality of 16 or higher, unless the option is selected. The same principle applies to the impact materiality.
|-
!Detailed description
|With this you determine if and which details for the fields of action are to be included in the report:<p> - gaps <br>- measures incl. choice of status and details<br>- controls incl choice of status and details (also for their executions)<br>- Time evolution
|-
!Appendix with explanations
|Adds an apendix with different explanatory texts.
|-
|}
[[Datei:SA_Reports_ESG_anno.png|left|thumb|901px|Create ESG reports]]<br clear=all>
 
== <span id="prot_need"></span> Protection needs ==
In this report, the results of either one or multiple protection needs analyses are displayed. Choices can be made regarding the summary of the results as well as their details. Additionally, it's possible to add an appendix with explanations for the basis of the assessment in the protection needs analysis.
 
<big><b>Generate protection needs report</b></big></p>To generate a protection needs analysis, you have to navigate to "Risk management → Reports → Protection needs". Then, choose which protection needs analysis to generate the report for and configure this via the report options.</p>To generate the report click on the pink download button.
{| class="wikitable"
! colspan="2" | <b>Report options</b>
|-
!Extent of damage
|This option determines which resources are included in the report. The report includes all resources that have at least one evaluation of the selected extent of damage or worse.
|-
!Table of contents
|This option determines whether a table of contents is included in the report.
|-
!Summary
|If a report contains multiple protection needs analyses, this option can add a summary of all results in the form of a crosstab to the report.
|-
!Summary details
|Prints a list of all interviews included in the data basis of the report above the crosstab.
|-
!Interview results
|Adds the rationale for the assessments of the individual protection needs and the crosstab for each interview to the report.
|-
!Appendix with explanations
|Adds an apendix with different explanatory texts.
|-
|}
[[Datei:RM Schutzbedarf Bericht erstellen.png|left|thumb|900px|Create protection needs reports]]<br clear=all>
 
==<span id="gap_report"/> Gap analyses==
In this report, the results of either one or multiple gap analyses are displayed. When choosing the reviews, take note that they are limited by the chosen analysis period. An array of report options allow you to configure the reports to be displayed the way you need them.
 
Example gap report: [[Media:Abweichungsbericht Beispiel Überprüfungen.pdf | reviews without proposals ZR 5]]<br>
Example gap report: [[Media:Abweichungsbericht Beispiel Verantwortlich.pdf | responsible with proposals ZR 3]]<br>
Example gap report: [[Media:Abweichungsbericht Beispiel OrgEh.pdf | organizational unit all audit questions without proposals ZR 2]]
 
<big><b>Generate gap analysis report</b></big></p>To generate a deviation report navigate to "Risk management → Reports → Gap analyses". There, you have several options to generate such a report depending on your role:
# '''Reviews''':  This report contains all information about the selected reviews. The selection shows only reviews from the current management system in the selected analysis period (with the report options to the right).
# '''Responsible(s)''' (Compliance manager only): This report contains all reviews the selected person(s) or team(s) is/are responsible for.
# '''Organizational unit''' (Compliance manager only): This report contains all reviews that have been created for an organizational unit. The selection shows only organizational units for which reviews exist in the current management system and within the selected analysis period.</p>
It is possible to create a report for several analysis periods. For this, change the analysis period among the report options to the right. Then, the reviews of the chosen analysis period are made available.<br><b>Caution:</b> If you select a new analysis period, the reviews from the previous ones will no longer be displayed, but will remain selected.</p>After that, click on the respective pink download button to generate the gap report.
{| class="wikitable"
! colspan="2" | <b>Berichtsoptionen</b>
|-
!Selection of the analysis period
|This option determines which analysis period the report elements come from.
|-
!Selection of the target score
|For reports including review questions, this option determines when they are counted as a gap. If the answer is below the set vgalue, it is a gap.
|-
!Target score on the cover page
|Steuert, ob der gewählte Target Score am Deckblatt des Berichts angedruckt wird.
|-
!Table of contents
|This option determines whether a table of contents is included in the report.
|-
!Review
|Header data: if activated, all available information on the review is printed in the header data. If not, the report only shows the reviewed organizational units, beginning an dend of the review, as well as the participants, if filled in.<br><br>The remining options determine whether review remarks are printed, and whether and which graphics are included in the report (bar chart AND/OR compliance spider charts).
|-
!Review object
|Header data: if activated, all available information on the review object is printed in the header data. If not, the report only shows name of the review object.<br><br>The remining options determine whether and which graphics are included in the report (donut charts AND/OR scoreline).
|-
!Treatment plan by determination type
|Prints the treatment plan (meaning the measures and controls) clustered by determination type at the beginning of the report. This is only possible, if the determination type for reviews is activated in the audit management module.<br>Note: The treatment plan does not include positive determinations (model implementation).<br>Find out more on determination types [[Special:MyLanguage/Auditmanagement_Einstellungen|here]].
|-
!Tabular evaluation of review questions
|Prints an overview of the review questions and results with their answers in the form of a table. The cells containing the answers are colored as per the target score. Unnecessary review questions/results are grey. Not answered review questions/results are colorless and marked with "-". Anwered information gatherings are marked with "answ.".<br><br>All OR Only positive OR Only negative:<br> Determines for the table whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.<br><br>Information gatherings AND/OR Unnecessary AND/OR Not answered:<br>Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the table.
|-
!Detailed evaluation of review questions
|Prints a detailed overview of the review questions and results with various additional information in the report.<br><br>All OR Only positive OR Only negative:<br> Determines for the detailed evaluation whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.<br><br>Information gatherings AND/OR Unnecessary AND/OR Not answered:<br>Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the detailed evaluation.<br><br>Answer AND/OR Justification AND/OR Description AND/OR Protection targets AND/OR Measures & controls:<br>Determines the inclusion of these elements in the detailed overview of the review questions/results.<br><br>Move to appendix:<br>If this option is selected, the detailed evaluation of the review questions and results is moved from the main body of the report into the appendix.
|-
!List attachments/evidences
|Prints the file names of attachments/evidences in the report..
|-
!Embed image attachments
|Image files (.jpg or .png) attached to review questions and/or review results are also embedded in the report as images. The file names of the respective images are printed below them. If available, the timestamp of the capture is also printed. Consequently, the file size of the report is larger and generation can take a little longer.
|-
!Attachments/evidences as zip-file
|The report is downloaded in a zip-folder along with any attachments/evidences. Links are listed in a .txt file.
|-
!Appendix with explanations
|Adds an apendix with different explanatory texts.
|-
|}
[[Datei:RM Abweichungsanalysen Bericht erstellen.png|left|thumb|900px|Create gap analysis report]]<br clear=all>
 
==<span id="conf"></span> Conformity==
[[Datei:RM Konformität auswahl.png|right|thumb|650px|Choose conformity type]]
Here, you can generate reports to show the conformity with a standard or norm as well as the results of gap analyses.</p>These reports show a distinct average score for each requirement or norm chapter.<p>Weightings of review questions are not considered.
====Evaluation by standards and norms:====
Review questions mapped to chapters of standards and norms are considered for the calculation of score values. These can be answered in reviews. Review questions from various reviews can populate this evaluation. Review questions can be mapped to all chapter levels.<p>Example: ISO 9001 chapter 6 Planning, which consists of 3 subchapters.
*Chapter 6 Planning (<b>Score = 2.85</b>)
**Review question 1: Score = 2
**Review question 2: Score = 2
**Score for calculation: (2 + 2) / 2 = 2
*6.1 Measures for the handling of risks and opportunities (Score = 4)
**Review question 3: Score = 3
**Review question 4: Score = 5
**Score for 6.1: (3 + 5) / 2 = 4
*6.2 Quality objectives and planning to their achievement (Score = 4)
**Review question 5: Score = 4
**Score for 6.2: (4) / 1 = 4
*6.3 Planning of Changes (Score = 3)
**Review question 6: Score = 3
**Review question 7: Score = 3
**Score for 6.3: (3 + 3) / 2 = 3<p>
To get the score for chapter 6, first the averages of the subchapters must be calculated (4 + 4 + 3) / 3 = 3.7. Then the value is calculated with the averages of the review questions of the main chapter (3.7 + 2) / 2 = 2.85.
<p>
====Evaluation by reviews:====
The evaluation by reviews is done on the basis of the contained topics (review objects). The final score of a review comes from the averages of the individual review object results. The score of the review objects comes from the average of the contained review questions.<p>Example: Review per ISO 9001 for chapter 5 Management (Score = 3.66) and chapter 6 Planning (Score = 3.14)
*Chapter 5 Management (<b>Score = 3.66</b>)
**Review question 1: Score = 3
**Review question 2: Score = 5
**Review question 3: Score = 3
**Score = (3 + 5 +3) / 3 = 3.66
*Chapter 6 Planning (<b>Score = 3.14</b>)
**Review question 1: Score = 2
**Review question 2: Score = 2
**Review question 3: Score = 3
**Review question 4: Score = 5
**Review question 5: Score = 4
**Review question 6: Score = 3
**Review question 7: Score = 3
**Score = (2 + 2 + 3 + 5 + 4 + 3 + 3) / 7 = 3.14
Note: For chapter 6 the same review questions were used as for the evaluation by standards and norms.
 
 
===<span id="comp_review"/> Conformity report by reviews===
The purpose of this report is to graphically illustrate the fulfillment of the prerequisites based on individual reviews. The fulfillment of the prerequisite points is presented visually in the form of spider diagrams, pie charts or tachometers.
 
<big><b>Generate conformity report by reviews</b></big></p>Depending on your role there are different ways of generating this report.
# '''Reviews''': You can generate a conformity report for the selected reviews.
# '''Responsible''' (Compliance manager only): You can generate a compliance report for one responsible person or team, where all reviews assigned to this responsible person or team are listed with their respective evaluation.
# '''Organizational units''' (Compliance manager only): You can generate a compliance report for an organizational unit, where all reviews assigned in this organizational unit are listed with their respective evaluation.
 
Example conformity report: [[Media:Konformitätsbericht Beispiel Überprüfung.pdf|Reviews]]<br>
Example conformity report: [[Media:Konformitätsbericht Beispiel Verantwortlicher.pdf|Responsible]]
 
{| class="wikitable"
! colspan="2" | <b>Berichtsoptionen</b>
|-
!Selection of the analysis period
|This option determines which analysis period the report elements come from.
|-
!Selection of the target score
|For reports including review questions, this option determines when they are counted as a gap. If the answer is below the set vgalue, it is a gap.
|-
!Target score on the cover page
|Steuert, ob der gewählte Target Score am Deckblatt des Berichts angedruckt wird.
|-
!Table of contents
|This option determines whether a table of contents is included in the report.
|-
!Review objects/questions in table of contents
|This option determines whether the table of contents also contains individual review objects/questions.
|-
!Review
|Header data: if activated, all available information on the review is printed in the header data. If not, the report only shows the reviewed organizational units, beginning an dend of the review, as well as the participants, if filled in.<br><br>The remining options determine whether review remarks are printed, and whether and which graphics are included in the report (bar chart, donut diagram, compliance spider charts). The "unnecessary" option in this position affects all donut diagrams of the report.
|-
!Review object
|Header data: if activated, all available information on the review object is printed in the header data. If not, the report only shows name of the review object.<br><br>The remining options determine whether and which graphics are included in the report (donut charts AND/OR scoreline).
|-
!Tabular evaluation of review questions
|Prints an overview of the review questions and results with their answers in the form of a table. The cells containing the answers are colored as per the target score. Unnecessary review questions/results are grey. Not answered review questions/results are colorless and marked with "-". Anwered information gatherings are marked with "answ.".<br><br>All OR Only positive OR Only negative:<br> Determines for the table whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.<br><br>Information gatherings AND/OR Unnecessary AND/OR Not answered:<br>Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the table.
|-
!Detailed evaluation of review questions
|Prints a detailed overview of the review questions and results with various additional information in the report.<br><br>All OR Only positive OR Only negative:<br> Determines for the detailed evaluation whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.<br><br>Information gatherings AND/OR Unnecessary AND/OR Not answered:<br>Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the detailed evaluation.<br><br>Answer AND/OR Justification AND/OR Description AND/OR Protection targets AND/OR Measures & controls:<br>Determines the inclusion of these elements in the detailed overview of the review questions/results.<br><br>Move to appendix:<br>If this option is selected, the detailed evaluation of the review questions and results is moved from the main body of the report into the appendix.
|-
!List attachments/evidences
|Prints the file names of attachments/evidences in the report..
|-
!Embed image attachments
|Image files (.jpg or .png) attached to review questions and/or review results are also embedded in the report as images. The file names of the respective images are printed below them. If available, the timestamp of the capture is also printed. Consequently, the file size of the report is larger and generation can take a little longer.
|-
!Attachments/evidences as zip-file
|The report is downloaded in a zip-folder along with any attachments/evidences. Links are listed in a .txt file.
|-
!Appendix with explanations
|Adds an apendix with different explanatory texts.
|-
|}
[[Datei:RM Konformität nach Überprüfung Bericht erstellen.png|left|thumb|900px|Create conformity report by reviews]]<br clear=all>


=== Conformity report by standards and norms ===
The purpose of this report is to graphically illustrate the fulfillment of the prerequisites in each requirement area of the standard. The fulfillment of the prerequisite items will be visually represented in the form of spider diagrams, pie charts, or tachometers. After selecting a standard, a list of applicable knowledge bases and their various versions will appear. From this, choose all knowledge bases and versions thereof which are to be part of the report's data basis.</p>For display purposes, questions answered Yes, No, or Partially are converted to scores. "No" corresponds to score 1, "Partial" corresponds to score 3, and "Yes" corresponds to score 5.</p>


'''Auditprogramm Bericht erstellen:'''
<big><b>Generate conformity report by standards and norms</b></big></p>First, the desired norm or standard must sbe selected for which a conformity report is to be generated. If the option "Include mapped standard chapters" is selected, the mapped standard/the mapped norm can be selected from a second list. Then, the knowledge bases to be considered in the report must be selected.</p>The selected knowledge bases form the basis for the evaluations in the report. Only knowledge bases that have a mapping to the selected standard and at least one review object (of a gap analysis) are displayed. If a review object exists in several versions, only the one with the highest version is considered. If a restriction is also made to an OrgUnit, the highest version of the review object that is linked to the OrgUnit is used. In addition, note that reviews may not be in the state "Draft" or the respective knowledge bases will also not be listed.
{| class="wikitable"
! colspan="2" | <b>Berichtsoptionen</b>
|-
!Selection of the target score
|For reports including review questions, this option determines when they are counted as a gap. If the answer is below the set vgalue, it is a gap.
|-
!Selection of a time period from-to
|This option determines from which time period between a beginning and an end date the report elements are taken.
|-
!Selection of the OU
|This option determines which organizational units are considered for the report.
|-
!Target score on the cover page
|Steuert, ob der gewählte Target Score am Deckblatt des Berichts angedruckt wird.
|-
!Table of contents
|This option determines whether a table of contents is included in the report.
|-
!Review objects/questions in table of contents
|This option determines whether the table of contents also contains individual review objects/questions.
|-
!Only closed reviews
|With this option, only reviews in the state "Closed" are included in the report.
|-
!Report format
|Determines in which format the evaluation is displayed in the report:<br> - Tabular evaluation<br> - Tabular evaluation + graphical evaluation of the main chapters<br> - Graphical evaluation of the main chapters<br> - Graphical evaluation of the main chapters & subchapters incl. question
|-
!Detailed evaluation of review questions
|Prints a detailed overview of the review questions and results with various additional information in the report.<br><br>All OR Only positive OR Only negative:<br> Determines for the detailed evaluation whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.<br><br>Information gatherings AND/OR Unnecessary AND/OR Not answered:<br>Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the detailed evaluation.<br><br>Answer AND/OR Justification AND/OR Description AND/OR Protection targets AND/OR Measures & controls:<br>Determines the inclusion of these elements in the detailed overview of the review questions/results.<br><br>Move to appendix:<br>If this option is selected, the detailed evaluation of the review questions and results is moved from the main body of the report into the appendix.
|-
!Include mapped standard chapters
|If the selected standard/norm refers to other standards/norms via mappings, the review questions and results linked with those chapters can be included in the report with this option.
|-
!Include not applicable chapters in the statistics
|Determines whether chapters marked as not applicable in the management system are considered in the report.
|-
!Include review results
|If selected, manually created review results are also considered (meaning those not coming from a knowledge base).
|-
!Appendix with explanations
|Adds an apendix with different explanatory texts.
|-
|}
[[Datei:RM Konformität nach Standard Bericht erstellen.png|left|thumb|900px|Conformity by standard or norm]]<br clear=all>


Um einen Bericht eines Auditprogramms zu generieren, navigieren Sie zu "Risikomanagement → Berichte → Auditprogramm". Dort werden alle Auditprogramme, die im ausgewählten Managementsystem angelegt sind, zur Berichtserstellung angezeigt. Anschließend müssen Sie lediglich ein Auditprogramm auswählen und auf den Button mit "Auditprogramm als PDF herunterladen" klicken. Dann kann der Bericht generiert werden.
== <span id="san"></span> Standards and Norms ==
Reports about standards and norms can be generated here.
[[Datei:RM Standards auswahl.png|left|thumb|901px|Select report for standards and norms]]<br clear=all>


[[Datei:SA BR Auditprogramm auswahl.png|left|thumb|803px|Auditprogramm Bericht erstellen]]
The chapter applicability for the reports is calculated as follows:
{| class="wikitable"
!Scenario
!Chapter
|-
!Scenario 1:
|Chapter 1 - without measures<br>Chapter 1.1 - with a measure<br>Chapter 1.2 - with a measure<br><br>The applicability of chapter 1 is 100%, because all chapters below have assigned measures.
|-
!Scenario 2:
|Chapter 1 - with a measure<br>Chapter 1.1 - without measures<br>Chapter 1.2 - without measures<br><br>The applicability of chapter 1 is 100%. As the measure is assigned to the super-chapter, it also counts towards the sub-chapters.
|-
!Scenario 3:
|Chapter 1 - without measures<br>Chapter 1.1 - with a measure<br>Chapter 1.2 - without measures<br><br>The applicability of chapter 1 is 50%, because only half of its sub-chapters have measures assigned to them.
|}
=== Statement of Applicability (SOA)===
This report shows which chapters of the standard are "applicable" or "not applicable" in the management system. It also includes the justification for each chapter's applicability and the measures and controls associated with the chapters.
*Donut charts show the number and status of assigned measures & controls. The total number of chapters in the evaluation corresponds to the number of chapters at the lowest level. If a measure or control has been assigned to a chapter, it is also assigned to all its sub-chapters. Thus, if a super-chapter has assigned a measure or control, it behaves in the same way as if all sub-chapters had assigned that measure or control.
*In the donut diagrams, the scope of the standard is taken into account. If this has been restricted, chapters marked as not applicable are not taken into account. This can be canceled by activating the option Include not applicable chapters in the statistics.</p>
The data basis can thereby be restricted to an earlier analysis period. In this case, only measures and controls that already existed in the selected analysis period are taken into account.</p>With the option "Include mapped standard chapters", the database can be extended to mapped standard chapters. This means that if standard S1 has a chapter C that is mapped to standard S2 chapter C (S1.C => S2.C) and a report is generated from standard S1, the report will also include actions and controls that are mapped to standard S2 chapter C. This behavior also applies to chapters mapped from S2.C.
{| class="wikitable"
!Measures
|Green = Completed measures<br>Orange = Suspended measures<br>Blue = Open measures
|-
!Measures for chapters
|Red = Chapter without measures<br>Blue = Chapter with open measures<br>Green = Chapter with completed measures
|-
!Controls for chapters
|Orange = Suspended controls to chapters<br>Green = Active controls to chapters<br>Red = Chapters without controls
|-
|}
 
<big><b>Generate Statement of Applicability (SOA)</b></big></p>To generate an SOA, choose a standard/norm and configure the SOA via the report options. Click on the pink download button to generate the report.
{| class="wikitable"
! colspan="2" | <b>Report options</b>
|-
!Table of contents
|This option determines whether a table of contents is included in the report.
|-
!Statistic
|In the statistic, the fulfilments are determined on the basis of the total number of chapters. Only the subchapters are included in the calculation.<br>Example: A standard consists of one superordinate chapter and three subchapters. The calculation basis for the statistic is 3 (= total number of subchapters). The superordinate chapter is only used for structuring purposes.
|-
!Scope
|Determines whether the scope recorded in the standard is included in the report.
|-
!Measures and controls details
|Determines whether details for included measures and controls are printed in the report.
|-
!Linked documents
|Determines whether documents from the doc management linked with the standard or norm are printed in the report.
|-
!Include mapped standard chapters
|If the selected standard  points to other standards, then the measures and controls that are related to that standard chapter will be taken into account when choosing this option.
|-
!Include not applicable chapters in the statistics
|Determines whether chapters marked as not applicable in the management system are considered in the report.
|-
!Appendix with explanations
|Adds an apendix with different explanatory texts.
|-
|}
[[Datei:RM Standard SOA Bericht erstellen.png|left|thumb|882px|Statement of Applicability]]<br clear=all>
 
=== Management Summary ===
This report provides a management overview of the measures and controls assigned to a standard/norm:
*Donut charts show the number and status of assigned measures & controls. The total number of chapters in the evaluation corresponds to the number of chapters at the lowest level. If a measure or control has been assigned to a chapter, it is also assigned to all its sub-chapters. Thus, if a super-chapter has assigned a measure or control, it behaves in the same way as if all sub-chapters had assigned that measure or control.
*A bar chart shows the number of measures & controls by main chapters. The number is the sum of the measures or controls assigned to the main chapter and each sub-chapter below it. A measure or control assigned several times is only counted once per main chapter.
*The report takes into account the scope of the standard. If the scope is limited, chapters marked as not applicable are not taken into account. This can be canceled by activating the option "Include not applicable chapters in the statistics".</p>The data basis can thereby be restricted to an earlier analysis period. In this case, only measures and controls that already existed in the selected analysis period are taken into account.
 
Example report: [[Media:Management Summary Beispiel Bericht.pdf|Management Summary]]
 
<big><b>Generate Management Summary</b></big></p>To generate a management summary, choose a standard/norm and configure the management summary via the report options. Click on the pink download button to generate the report.
{| class="wikitable"
! colspan="2" | <b>Report options</b>
|-
!Selection of the target score
|For reports including review questions, this option determines when they are counted as a gap. If the answer is below the set vgalue, it is a gap.
|-
!Statistic
|In the statistic, the fulfilments are determined on the basis of the total number of chapters. Only the subchapters are included in the calculation.<br>Example: A standard consists of one superordinate chapter and three subchapters. The calculation basis for the statistic is 3 (= total number of subchapters). The superordinate chapter is only used for structuring purposes.
|-
!Measures and controls details
|Determines whether details for included measures and controls are printed in the report.
|-
!Include mapped standard chapters
|If the selected standard/norm refers to other standards/norms via mappings, the review questions and results linked with those chapters can be included in the report with this option.
|-
!Include not applicable chapters in the statistics
|Determines whether chapters marked as not applicable in the management system are considered in the report.
|-
!Appendix with explanations
|Adds an apendix with different explanatory texts.
|-
|}
[[Datei:RM Standard Management Summary Bericht erstellen.png|left|thumb|882px|Management Summary]]<br clear=all>
 
== <span id="structural"></span> Structural analysis ==
Reports on RTO and RPO fulfilment can be generated here. You can find more information on RTO and RPO under [[Strukturanalyse#RTO | "Risk management → Structural analysis"]].
[[Datei:RM RTO RPO auswahl.png|left|thumb|901px|Select RTO or RPO report]]
<br clear=all>
<br clear=all>


== Auditplan==
=== RTO-Fulfillment ===
This report shows whether or not the requirements derived from the various protection needs analyses (PNAs) for the resources can be met in terms of the maximum justifiable recovery time in each case.</p>The report can be generated without restriction to a resource. Then it is shown how well the requirements derived from all PNAs are met for all involved resources with regard to the maximum justifiable recovery time.</p>If the report is restricted to a resource (e.g., a specific hardware component), only resources that require this resource (e.g., specific applications and databases) to be able to work functionally are included in the evaluation. Only PNAs that define requirements for these resources are then considered.
 
<big><b>Generate RTO-Fulfillment report</b></big></p>To generate a RTO fulfillment report, click the pink download button.
{| class="wikitable"
! colspan="2" | <b>Report options</b>
|-
!Table of contents
|This option determines whether a table of contents is included in the report.
|-
!Statistic
|Determines whether a statistic with graphics on the degree of fulfillment and coverage is included.
|-
!Fulfilled requirements
|Determines whether identified fulfilled requirements are included.
|-
!Not fulfilled requirements
|Determines whether identified not fulfilled requirements are included.
|-
!Resources with defined information
|Determines whether resources with defined information are included.
|-
!Resources with undefined/irrelevant information
|Determines whether resources with undefined or irrelevant information are included.
|-
!Appendix with explanations
|Adds an apendix with different explanatory texts.
|-
|}
[[Datei:RM RTO Erfüllung Bericht erstellen.png|left|thumb|902px|Create RTO report]]<br clear=all>


In einem Auditplan werden alle Überprüfungen, die im Zuge des Audits durchgeführt werden oder wurden, sowie deren Prüfobjekte, angeführt.  
=== RPO-Fulfillment ===
This report shows whether the requirements derived from the various protection needs assessments (PNAs) for the resources in terms of maximum acceptable data loss can be met in each case or not.</p>The report can be generated without restriction to a resource. Then it is shown how well the requirements derived from all PNAs are met for all involved resources with regard to the maximum acceptable data loss.</p>If the report is restricted to one resource (e.g., a specific hardware component), only resources that require this resource (e.g., specific applications and databases) to be able to work functionally are included in the evaluation. Only PNAs that define requirements for these resources are then considered.


[[Media:Auditplan Bericht.pdf | Auditplan Beispiel Bericht]]
<big><b>Generate RPO-Fulfillment report</b></big></p>To generate an RPO fulfillment report, click the pink download button.
{| class="wikitable"
! colspan="2" | <b>Report options</b>
|-
!Table of contents
|This option determines whether a table of contents is included in the report.
|-
!Statistic
|Determines whether a statistic with graphics on the degree of fulfillment and coverage is included.
|-
!Fulfilled requirements
|Determines whether identified fulfilled requirements are included.
|-
!Not fulfilled requirements
|Determines whether identified not fulfilled requirements are included.
|-
!Resources with defined information
|Determines whether resources with defined information are included.
|-
!Resources with undefined/irrelevant information
|Determines whether resources with undefined or irrelevant information are included.
|-
!Appendix with explanations
|Adds an apendix with different explanatory texts.
|-
|}
[[Datei:RM RPO Erfüllung Bericht erstellen.png|left|thumb|902px|Create RPO report]]<br clear=all>


<!--
HITGuard offers the possibility of generating various risk management reports under "Risk management → Reports".


'''Auditplan erstellen:'''
[[Datei:RM Berichtauswahl allgemein.png|left|thumb|901px|Report selection]]
<br clear=all>


Um einen Auditplan zu generieren, navigieren Sie zu "Risikomanagement → Berichte → Auditplan". Dort werden alle Audits, die im ausgewählten Managementsystem angelegt sind, zur Berichtserstellung angezeigt. Anschließend müssen Sie lediglich ein Audit auswählen und auf den Button "Auditplan als PDF herunterladen" klicken, um den Bericht zu generieren.
To create a report, first choose a type of report. Subsequently, choose which data to include in the report (e.g. risks or reviews). Most reports also have additional report options which allow further specification of the report's contents.


[[Datei:Berichte Auditplan.PNG|left|thumb|805px|Auditplan erstellen]]
<b>Languages:</b><br>
Knowledge bases can be made available in different languages due to stored translations for used knowledge bases. For example, to generate a report with the English texts, the language must be changed using the flag icon at the top right of the screen, next to the logout button. This will load all content for the reports in the desired language, provided that a translation in that language is available for the knowledge base.
 
<b>Download options:</b><br>
The reports are available for download as PDF or DOCX files. Click the pink button to generate and download a report. Then, choose whether the report should be downloaded as a PDF or DOCX.
 
Additionally, there is the option to generate and archive the reports including revision information. In doing this, the report can be viewed, generated anew, or downloaded again by an expert under "Administration → Report archive". More information about this can be found under <b>[[Special:MyLanguage/Berichtsarchiv | "Administration → Report archive"]]</b>.
 
When generating reports with revision information in the archive, there is also the option to send the report by e-mail to various recipients right away. More information about this can be found in the <b>[[Special:MyLanguage/Berichtsarchiv | report archive]]</b> and under <b>[[Special:MyLanguage/Textbausteine | "Administration → Text blocks"]]</b>.
 
<b>Remembering report options:</b>
Some of the report options can be found for various reports. For these, the selected options are remembered within the management system and for the individual user, and then also applied for other reports with that same option. For example, if the option "Table of contents" is selected, then it will already be selected when accessing any other report pages that use this option.
 
<b>Licenses:</b></br>
If no valid license for HITGuard is available, this will be displayed in the footer of the report! To change this, an expert or administrator has to request/upload a license under [[Special:MyLanguage/Lizenzierung | "Administration → Licensing"]].
 
The following reports are offered in the risk management section of HITGuard:
 
== <span id="hazard_sit"></span> Risks ==
===General risk report===
 
In this report, details on risks are presented. In addition, the risks are positioned in a risk matrix according to their criticality.
 
The measures and controls to be taken or already taken can be displayed for the individual risks. Furthermore, the development of the risks over time can be displayed.
 
Users with the Compliance Manager role will also see measures and controls from all other management systems.
 
[[Media:Risikobericht ohne Maßnahmen mit Entwicklung.pdf | Risk report example of risks without M/C incl. development over time (DE)]]
 
'''Generate risk report:'''
 
To generate a risk report, you have to navigate to "Risk Management → Reports → Risks → General". There you have several options to generate the report:
# '''Risks''': You can generate a risk report for one or more risks. However, you can only generate risk reports in management systems to which you are assigned.
# '''Structural elements''': You can list all the risks assigned to the selected structural elements.
# '''Responsible person(s)''' (compliance manager only): You can generate a risk report in which all risks are listed for which a specific team or a responsible person is responsible.
 
After that, just click on the pink download button to generate the report.
 
<big><b>Report options</b></big>
 
With the report options, you can specify what status measures/controls have to be in in order to appear in the report.
 
Additionally, you can decide whether or not to show the [[Special:MyLanguage/Risikobewertung#time_dev | temporal development ]] of the risks in the report and whether or not to add the gaps linked with the respective risks.
 
[[Datei:RM Gefährdungslage Bericht erstellen.png|left|thumb|902px|Generate risk report]]
<br clear=all>
<br clear=all>


== Abweichungsbericht ==
===Gross-net-risk report===
This report lists details about the development of a risk. The focus of the report, therefore, lies on the aspect of the gross-net-risk, which is managed with measures and controls.


In diesem Bericht werden Ergebnisse aus Abweichungsanalysen und Prüfungen dargestellt.
All to-be-implemented as well as already implemented measures and controls are listed for the individual risks. The gross risk as well as the possible net risk scenarios can be displayed separately. If desired, the development over time of the risk can also be displayed.


Sie können sowohl die Ergebnisse
<b>Caution:</b> The measures and controls from other management systems are only visible for users with the role "Compliance manager".
# einer oder mehrerer Überprüfungen
# alle Ergebnisse für eine verantwortliche Person oder
# alle Ergebnisse bezogen auf eine Organisationseinheit auswerten.


Ebenso können Sie den gewünschten Zielreifegrad einstellen sowie Maßnahme und Kontrollvorschläge in den Bericht inkludieren.
[[Media:Brutto-Netto-Risikobericht.pdf | Example Gross-net-risk report: gross and net risks shown with matrices, no details for M/C (DE)]]


<b>Achtung:</b> Punkt 2 und 3 ist nur verfügbar, wenn Sie über die Rolle "Compliance Manager" verfügen.
<big><b>Create gross-net-risk report:</b></big>


[[Media:Abweichungsbericht Beispiel Überprüfungen.pdf |  Abweichungsbericht Beispiel Überprüfungen ohne Vorschläge ZR 5]]
To generate a gross-net risk report, you have to navigate to "Risk Management → Reports → Risks → Gross-net-risk". There you can generate the report for a selected risk with different characteristics. Reports can only be created for risks in management systems one is authorized for. (The exception are compliance managers, who can generate reports for all risks in all management systems.)


[[Media:Abweichungsbericht Beispiel Verantwortlich.pdf |  Abweichungsbericht Beispiel Verantwortliche mit Vorschlägen ZR 3]]
Click the pink download button to generate the report.


[[Media:Abweichungsbericht Beispiel OrgEh.pdf |  Abweichungsbericht Beispiel Organisationseinheit alle Prüffragen ohne Vorschläge ZR 2]]
<big><b>Report options</b></big>


'''Abweichungsbericht erstellen:'''
The exact structure and content of the report can be configured with the report options.
*<u>Gross risk</u>: Adds the probability of occurrence and the extent of damage of the original gross risk.
*<u>Treatment of the gross risk</u>: Adds the measures and control intended for the treatment of the gross risk.
*<u>Ability to Control</u>:  Adds the ability to control of the treating measures and controls to the information of the gross risk.
*<u>Treatment of the current risk</u>: Adds the measures and control intended for the treatment of the gross risk.
*<u>Net risk with best/most likely/worst case</u>: Adds the probability of occurrence and the extent of damage of the selected net risk scenarios. At least one scenario needs to be selected for this.
*<u>Risk matrices</u>: Adds the matrix as an image to the textual information of the gross and net risks.
The remaining report options control the amount of details for the report's content.


[[Datei:Abweichungsbericht auswahl.png|left|thumb|803px|Abweichungsbericht erstellen]]
[[Datei:Berichtseite BNR.png|left|thumb|902px|Create gross-net-risk report]]
<br clear=all>
<br clear=all>


Um einen Abweichungsbericht zu generieren navigieren Sie zu "Risikomanagement → Berichte → Abweichungsanalyse". Dort gibt es mehrere Möglichkeiten einen solchen Bericht zu erstellen:
<span id="Schutzbedarf"></span>
# Überprüfungen
== <span id="prot_need"></span> Protection needs ==
#:* Sie können mehrere Überprüfungen selektieren und analysieren.
 
#:* Sie können nur in Managementsystemen, denen Sie zugeteilt sind, Abweichungsberichte zu Überprüfungen erstellen.
In this report, the results of either one or multiple protection needs analyses are displayed. Choices can be made regarding the summary of the results as well as their details. Additionally, it's possible to add an appendix with explanations for the basis of the assessment in the protection needs analysis.
#:* Bei der Auswahl werden nur Überprüfungen des aktuellen Managementsystems im ausgewählten Analysezeitraum angezeigt.  
 
# Verantwortliche(r) (nur Compliance Manager)
<big><b>Generate protection needs report:</b></big>
#:* Sie können alle Überprüfungen analysieren für die ein Team oder ein Verantwortlicher zuständig ist.
 
# Organisationseinheit (nur Compliance Manager)
To generate a protection needs analysis, you have to navigate to "Risk management → Reports → Protection needs". Then, choose which protection needs analysis to generate the report for and configure this via the report options.
#:* Sie können alle Überprüfungen, die innerhalb einer Organisationseinheit angelegt wurden, analysieren.
 
#:* Bei der Auswahl werden nur Organisationseinheiten angezeigt, für die im aktuellen Managementsystem und im ausgewählten Analysezeitraum Überprüfungen existieren.  
To generate the report click on the pink download button. This is only possible in PDF format for this report.
 
<big><b>Report options:</b></big>
 
* <u>Summary</u>: Selecting this option adds a summary of all results in the form of a crosstab to the report.


Über die Berichtsoptionen kann konfiguriert werden, welche Informationen im Bericht ausgewählt werden.  
* <u>Summary details</u>: In addition to the crosstab, the upper section of the summary includes a list of all interviews that form part of the crosstab's data source.


Es ist möglich einen Bericht über mehrere Analysezeiträume zu erstellen. Dafür müssen Sie jeden Analysezeitraum in dem Sie Überprüfungen verfügbar wollen durchgehen und die Überprüfungen selektieren. Wählen Sie einen neuen Analysezeitraum, werden die Überprüfungen aus den vorherigen nicht mehr angezeigt, bleiben aber selektiert.
* <u>Interview results</u>: In addition to the crosstab of an individual interview, the rationale for the assessments of the individual protection needs is added.


Anschließend klicken Sie auf den jeweiligen Button "Abweichungsbericht als PDF herunterladen", um den Abweichungsbericht zu generieren.
* <u>Table of contents</u>: Decides whether the table of contents is printed or not.


== Gefährdungslagenbericht ==
* <u>Appendix with explanations</u>: This report contains calculations of statistics, key figures or other content requiring explanation. An appendix with explanations is therefore generated by default. If this is not desired, this report option can be deactivated.


In diesem Bericht werden Details zu Gefährdungslagen dargestellt. Zusätzlich werden die Gefährdungslagen in einer Risikomatrix nach ihrer Kritikalität positioniert.  
[[Datei:RM Schutzbedarf Bericht erstellen.png|left|thumb|906px|Reports for Protection needs analyses]]
<br clear=all>


Zu den einzelnen Gefährdungslagen können die zu ergreifenden bzw. die bereits ergriffenen Maßnahmen und Kontrollen dargestellt werden. Weiters kann die zeitliche Entwicklung der Gefährdungslagen mit ausgegeben werden.
<span id="Abweichungsanalysen"></span>
== <span id="gap_report"/> Gap report ==


Benutzern mit der Rolle "Compliance Manager" werden zudem Maßnahmen und Kontrollen aus allen anderen Managementsystemen angezeigt.  
In this report, the results of either one or multiple gap analyses are displayed. When choosing the reviews, take note that they are limited by the chosen analysis period. An array of report options allow you to configure the reports to be displayed the way you need them.


[[Media:Risikobericht ohne Maßnahmen mit Entwicklung.pdf |  Risikobericht Beispiel Gefährdungslagen ohne M / K inkl. zeitlicher Entwicklung]]
[[Media:Abweichungsbericht Beispiel Überprüfungen.pdf |  Gap report example: reviews without proposals ZR 5]]


[[Media:Risikobericht inkl offener M K.pdf |  Risikobericht Beispiel Gefährdungslagen inkl. ausgesetzte M / K]]
[[Media:Abweichungsbericht Beispiel Verantwortlich.pdf |  Gap report example: responsible with pProposals ZR 3]]


[[Media:Risikobericht inkl aller M K.pdf |  Risikobericht Beispiel Gefährdungslagen inkl. aller M / K]]
[[Media:Abweichungsbericht Beispiel OrgEh.pdf |  Gap report example: organizational unit all audit questions without proposals ZR 2]]


[[Media:Risikobericht Beispiel Verantwortlich.pdf | Risikobericht Beispiel Verantwortliche(r) ohne ausgesetzte M / K]]
'''Create deviation report:'''


[[Media:Risikobericht Beispiel Strukturelement.pdf |  Risikobericht Beispiel Strukturelemente ohne ausgesetzte M / K]]
To generate a deviation report navigate to "Risk Management → Reports → Gap Analyses". There, you have several options to generate such a report:
# '''Reviews''': This report contains all information about the selected reviews. The selection shows only reviews from the current management system in the selected analysis period (with the report options to the right).
# '''Responsible(s)''' (compliance manager only): This report contains all reviews the selected person(s) or team(s) is/are responsible for.
# '''Organizational unit''' (compliance manager only): This report contains all reviews that have been created for an organizational unit. The selection shows only organizational units for which reviews exist in the current management system and within the selected analysis period.


'''Gefährdungslagenbreicht erstellen:'''
It is possible to create a report for several analysis periods. For this, change the analysis period among the report options to the right. Then, the reviews of the chosen analysis period are made available.


[[Datei:Risikobericht auswahl.png|left|thumb|804px|Gefährdungslagenbericht erstellen]]
<b>Caution:</b> If you select a new analysis period, the reviews from the previous ones will no longer be displayed, but will remain selected.
 
After that, click on the respective pink download button to generate the gap report.
 
<big><b>Report options</b></big>
* <u>Management system</u>: (compliance manager only) This option controls which management system the available elements come from. This allows for generating a report that spans multiple management systems.
* <u>Analysis period</u>: This options controls what analysis period the available reviews come from.
* <u>Target score</u>: This option shows, when a response to a question constitutes a gap. If the response is below the defined value, it is a gap.
* <u>Treatment plan by determination type</u>: This option adds a short overview of all measures and controls at the beginning of the report, grouped by Hints/Recommendations/Minor deviations/Major deviations.
The remaining options specify which information is added regarding the questions and what characteristics questions need to have in order to be printed in the report.
 
You can also choose to add the measures and controls linked with the review questions.
 
[[Datei:RM Abweichungsanalysen Bericht erstellen.png|left|thumb|902px|Create gap report]]
<br clear=all>
 
<span id="Konformität"></span>
== <span id="conf"></span> Conformity report ==
 
[[Datei:RM Konformität auswahl.png|left|thumb|650px|Choose conformity type]]
<br clear=all>
 
Here, you can generate reports to show the conformity with a standard or norm as well as the results of gap analyses.
 
These reports show a distinct average score for each requirement or norm chapter. This average score is calculated as follows:
* For requirements:
:: All review questions are weighted equally. This means, if a requirement has 10 review questions, 5 of which are at score  3, 3 are at 4 and 2 are at 2, then the average score is: (5*3+3*4+2*2)/10 and comes out to 3.1.
* For standard/norm chapters:
:: A distinction is made between primary and secondary chapter levels.
::* At the lower level, norm chapters map onto requirements. This means, that the average score for the requirements is calculated as shown above. In the next step, the averages of the requirements are summed up and divided by the number of requirements. Therefore, a chapter with 3 requirements that have a level of 2.5, 3.3 and 4.1, respectively, the average score is: (2.5+3.3+4.1)/3 and comes out to 3.3.
::* At the upper level, chapters map onto secondary chapters as well as requirements, potentially. The average score of the primary chapter stems from the sum of the averages of its direct secondary chapters and the sum of the mapped requirements. This means, if a primary chapter has 2 secondary chapters with a level of 4 each and 3 chapters with 2, 3 and 4, respectively, then the average score for the primary chapter is: (4+4+2+3+4)/5 and comes out to 3.4.
 
=== <span id="comp_review"/> Conformity report by reviews ===
----
 
The purpose of this report is to graphically illustrate the fulfillment of the prerequisites based on individual reviews. The fulfillment of the prerequisite points is presented visually in the form of spider diagrams, pie charts or tachometers.
 
 
<big><b>Create report of conformity by reviews:</b></big>
 
# '''Reviews''': You can generate a conformity report from one or more reviews.
# '''Responsible''' (compliance manager only): You can generate a compliance report for one responsible person or team, where all reviews assigned to this responsible person or team are analyzed.
# '''Organizational units''' (compliance manager only): You can generate a compliance report for an organizational unit, where all reviews assigned in this organizational unit are analyzed.
 
[[Media:Konformitätsbericht Beispiel Überprüfung.pdf| Conformity report example: by reviews]]
 
[[Media:Konformitätsbericht Beispiel Verantwortlicher.pdf |  Conformity report example: responsible person]]
 
<big><b>Report options</b></big>
* <u>Management system (compliance manager only):</u> This option controls which management system the available reviews come from. This allows for generating a report that spans multiple management systems.
* <u>Analysis period</u>: This options controls what analysis period the available reviews come from. This allows for generating a report that spans multiple analysis periods. If you change the analysis period, the previous reviews are not displayed but remain selected. They are only displayed within their respective analysis period.
* <u>Target score</u>: This option shows, when a response to a question constitutes a gap. If the response is below the defined value, it is a gap.
* <u>Treatment plan by determination type</u>: This option adds a short overview of all measures and controls at the beginning of the report, grouped by Hints/Recommendations/Minor deviations/Major deviations.
 
The remaining options allow for further configurations, such as which review questions to add, whether or not to include only completed reviews (relevant for commpliance managers when choosing the responsible person/organizational unit), how the table of content is to be structured and whether the audit title should be displayed (if available).
 
[[Datei:RM Konformität nach Überprüfung Bericht erstellen.png|left|thumb|902px|Conformity by review]]
<br clear=all>
 
=== Conformity report by standards and norms ===
----
 
The purpose of this report is to graphically illustrate the fulfillment of the prerequisites in each requirement area of the standard. The fulfillment of the prerequisite items will be visually represented in the form of spider diagrams, pie charts, or tachometers. After selecting a standard, a list of applicable knowledge bases and their various versions will appear. From this, choose all knowledge bases and versions thereof which are to be part of the report's data basis.
 
For display purposes, questions answered Yes, No, or Partially are converted to scores. "No" corresponds to score 1, "Partial" corresponds to score 3, and "Yes" corresponds to score 5.
 
<big><b>Create conformity report by standard:</b></big>
 
First, the desired norm or standard must be selected for which a conformity report is to be generated. Then you have to select which knowledge bases should be considered for the report.
 
The selected knowledge bases form the basis for the evaluations in the report. Only knowledge bases that have a mapping to the selected standard and at least one review object (of a gap analysis) are displayed. If a review object exists in several versions, only the one with the highest version is considered. If a restriction is also made to an OrgUnit, the highest version of the review object that is linked to the OrgUnit is used. In addition, note that reviews may not be in the state "Draft" or the respective knowledge bases will also not be listed.
 
<big><b>Report options</b></big>
* <u>Management system (compliance manager only):</u> This option controls which management system the available reviews come from. This allows for generating a report that spans multiple management systems.
* <u>Analysis period</u>: This option controls for which analysis period the conformity report should be created. This ensures that only test objects up to and including the selected analysis period are taken into account. Test objects from more recent analysis periods (newly created or re-evaluated) will not be included in the report.
* <u>Time period</u>: The period can be limited to a certain date in addition to the analysis period.
* <u>Target score</u>: This option shows when a response to a question constitutes a gap. If the response is below the defined value, it is a gap.
* <u>Questions</u>: These options specify which information is added regarding the questions and what characteristics questions need to have in order to be printed in the report.
* <u>Target score on the cover page</u>: This option controls whether the set target score is printed on the cover page of the report.
* <u>Only closed reviews</u>: This option decides whether review results from open reviews are considered in the analysis or only those of closed ones.
* <u>Include mapped standard chapters</u>: This option decides whether review results should be included that are related to mapped norm chapters. This means chapters in previous and follow-up versions of the norm, as well as other thematically related norms.
* <u>Organizational unit</u>: This options allows for limiting the conformity report to the selected organizational unit and those below it in the hierarchy.This means that only review objects that are linked to the selected OrgEh in are relevant for the evaluation in the report.
* <u>Type of evaluation</u>:
:*Tabular evaluation
:*Tabular evaluation + graphical evaluation of the main chapters
:*Graphical evaluation of the main chapters
:*Graphical evaluation of the mail chapters & subchapters incl. questions
* <u>Not applicable chapters</u>: This option allows you to exclude those chapters that have been marked as "not applicable" for the management system from the report.
 
[[Datei:RM Konformität nach Standard Bericht erstellen.png|left|thumb|901px|Conformity report by standard or norm]]
<br clear=all>
<br clear=all>


Um einen Abweichungsbericht zu generieren müssen Sie zu "Risikomanagement → Berichte → Abweichungsanalyse" navigieren. Dort gibt es mehrere Möglichkeiten einen Abweichungsbericht zu generieren:
== <span id="san"></span> Standards and Norms ==
# Gefährdungslagen
Reports about standards and norms can be generated here.
#:* Sie können einen Gefährdungslagenbericht zu einer oder mehreren Gefährdungslagen generieren.
#:* Sie können allerdings nur in Managementsystemen, zu denen Sie zugeteilt sind, Gefährdungslagenberichte erstellen.
# Verantwortliche(r) (nur Compliance Manager)
#:* Sie können einen Gefährdungslagenbericht generieren in dem alle Gefährdungslagen angeführt werden für die ein Team oder ein Verantwortlicher zuständig ist.
# Strukturelemente
#:* Sie können alle Gefährdungslagen, die den selektierten Strukturelemente zugeteilt sind, anführen.


Anschließend klicken Sie lediglich auf den Button "Gefährdungslagenbericht als PDF herunterladen", um den Bericht zu generieren.
[[Datei:RM Standards auswahl.png|left|thumb|901px|Choose report for standards and norms]]
<br clear=all>


== Maßnahmen- und Kontrollberichte ==
The chapter applicability for the reports is calculated as follows:


Um einen Maßnahmen- oder Kontroll-Bericht erstellen zu können müssen Sie ein Compliance Manager sein.
{| class="wikitable"
!Scenario 1:
|Chapter 1 - without measures<br>Chapter 1.1 - with a measure<br>Chapter 1.2 - with a measure<br><br>The applicability of chapter 1 is 100%, because all chapters below have assigned measures.
!Scenario 2:
|Chapter  1 - with a measure<br>Chapter 1.1 - without measures<br>Chapter 1.2 - without measures<br><br>The applicability of chapter 1 is 100%. As the measure is assigned to the super-chapter, it also counts towards the sub-chapters.
!Scenario 3:
|Chapter 1 - without measures<br>Chapter 1.1 - with a measure<br>Chapter 1.2 - without measures<br><br>The applicability of chapter 1 is 50%, because only half of its sub-chapters have measures assigned to them.
|}


In diesem Bericht werden zu jedem Risiko die zu ergreifenden bzw. die ergriffenen Maßnahmen und Kontrollen dargestellt. Ebenso besteht die Möglichkeit, Berichte über den Status der - auf eine Norm gemappten - Maßnahme und Kontrolle zu generieren oder einen Bericht für das Management zu erstellen. In diesem erhalten Sie eine Zusammenfassung der - auf eine Norm gemappten - Maßnahmen und Kontrollen.
=== Statement of Applicability (SOA)===
----
This report shows which chapters of the standard are "applicable" or "not applicable" in the management system. It also includes the justification for each chapter's applicability and the measures and controls associated with the chapters.


* Donut charts show the number and status of assigned measures & controls. The total number of chapters in the evaluation corresponds to the number of chapters at the lowest level. If a measure or control has been assigned to a chapter, it is also assigned to all its sub-chapters. Thus, if a super-chapter has assigned a measure or control, it behaves in the same way as if all sub-chapters had assigned that measure or control.
* In the donut diagrams, the scope of the standard is taken into account. If this has been restricted, chapters marked as not applicable are not taken into account. This can be canceled by activating the option Include not applicable chapters in the statistics.


[[Media:Maßnahmen- und Kontrollbericht Beispiel.pdf | Maßnahmen- und Kontrollbericht Beispiel]]
The data basis can thereby be restricted to an earlier analysis period. In this case, only measures and controls that already existed in the selected analysis period are taken into account.


[[Media:Maßnahmenbericht Norm Beispiel.pdf |  Maßnahmenbericht zu einer Norm ]]
With the option "Include mapped standard chapters", the database can be extended to mapped standard chapters. This means that if standard S1 has a chapter C that is mapped to standard S2 chapter C (S1.C => S2.C) and a report is generated from standard S1, the report will also include actions and controls that are mapped to standard S2 chapter C. This behavior also applies to chapters mapped from S2.C.


[[Media:Management Summary Beispiel Bericht.pdf | Management Summary Beispiel Bericht]]
{| class="wikitable"
!<u>Measures:</u>
|Green = Completed measures<br>Orange = Suspended measures<br>Blue = Open measures
|}


'''Maßnahmen- und Kontrollbericht erstellen:'''
{| class="wikitable"
!<u>Measures for chapters: </u>
|Red = Chapter without measures<br>Blue = Chapter with open measures<br>Green = Chapter with completed measures
|}


[[Datei:Maßnahmen und Kontrllbericht Bericht auswahl.png|left|thumb|804px|Maßnahmen und Kontrollbericht erstellen]]
{| class="wikitable"
!<u>Controls to chapters:</u>
|Orange = Suspended controls to chapters<br>Green = Active controls to chapters<br>Red = Chapters without controls
|}
 
<big><b>Create Statement of applicability (SOA)</b></big>
 
To generate an SOA, choose a standard/norm and configure the SOA via the report options. Click on the pink download button to generate the report.
 
<big><b>Report options</b></big>
* <u>Management system (compliance Manager only)</u>: This option controls which management system the available reviews come from. This allows for generating a report that spans multiple management systems.
* <u>Analysis period</u>: This options controls what analysis period the available measures and controls come from.
 
The remaining options specify which information is added to the report. For example, "Show statistic" controls whether the donut diagrams are displayed.
 
 
[[Datei:RM Standard SOA Bericht erstellen.png|left|thumb|882px|Statement of Applicability]]
<br clear=all>
<br clear=all>


Um einen Abweichungsbericht zu generieren navigieren Sie zu "Risikomanagement → Berichte → Maßnahmen und Kontrollen". Dort finden sich mehrere Möglichkeiten einen Maßnahmen- und Kontrollbericht zu erstellen:
=== Management Summary ===
# Risiken
----
#:* Sie können einen Maßnahmen- und Kontrollbericht von einem einzelnen Risiko generieren.
This report provides a management overview of the measures and controls assigned to a standard/norm.
#:* Sie können allerdings nur in Managementsystemen, in denen Sie zugeteilt sind, Risikoberichte erstellen.
#:* Sie haben die Option Maßnahmen oder Kontrollen über die Berichtsoptionen zu inkludieren oder zu exkludieren.
# Standards/Norm
#:* Sie können einen Maßnahmen-, Kontroll- oder einen zusammengefassten Management-Bericht zu einem Standard oder einer Norm generieren. In diesen Berichten werden alle - auf eine Norm gemappten - Maßnahmen und Kontrollen angezeigt.


Anschließend klicken Sie auf den jeweiligen Button "Bericht als PDF herunterladen", um den Maßnahmen- und Kontrollbericht zu generieren.
* Donut charts show the number and status of assigned measures & controls. The total number of chapters in the evaluation corresponds to the number of chapters at the lowest level. If a measure or control has been assigned to a chapter, it is also assigned to all its sub-chapters. Thus, if a super-chapter has assigned a measure or control, it behaves in the same way as if all sub-chapters had assigned that measure or control.
* A bar chart shows the number of measures & controls by main chapters. The number is the sum of the measures or controls assigned to the main chapter and each sub-chapter below it. A measure or control assigned several times is only counted once per main chapter.
* The report takes into account the scope of the standard. If the scope is limited, chapters marked as not applicable are not taken into account. This can be canceled by activating the option Include not applicable chapters in the statistics.


== Konformitätsbericht ==
The data basis can thereby be restricted to an earlier analysis period. In this case, only measures and controls that already existed in the selected analysis period are taken into account.


[[Datei:Komformitätsbericht auswahl.png|left|thumb|803px|Konformitätsbericht erstellen]]
[[Media:Management Summary Beispiel Bericht.pdf |  Management Summary example report]]
 
<big><b>Create management summary </b></big>
 
To generate a management summary, choose a standard/norm and configure the management summary via the report options. Click on the pink download button to generate the report.
 
<big><b>Report options</b></big>
* <u>Management system (compliance manager only)</u>: This option controls which management system the available reviews come from. This allows for generating a report that spans multiple management systems.
* <u>Analysis period</u>: This options controls what analysis period the available measures and controls come from.
 
The remaining options specify which information is added to the report. For example, "Statistic" controls whether the donut diagrams are displayed.
 
[[Datei:RM Standard Management Summary Bericht erstellen.png|left|thumb|882px|Management Summary]]
<br clear=all>
<br clear=all>


=== Konformitätsbericht nach Überprüfungen ===
== <span id="structural"></span> Strukturanalyse ==
Reports on RTO and RPO fulfillment can be generated here. You can find more information on RTO and RPO under [[Strukturanalyse#RTO | "Risk management → Structural analysis"]].
[[Datei:RM RTO RPO auswahl.png|left|thumb|901px|Select RTO or RPO report]]
<br clear=all>


In diesem Bericht soll die Erfüllung der Voraussetzungen anhand einzelner Überprüfungen grafisch dargestellt werden. Die Erfüllung der Anforderungspunkten wird visuell in Form von Spinnendiagrammen, Tortendiagrammen oder Tachos dargestellt.
<span id="RTO-Erfüllung"></span>
=== RTO-Fulfillment ===


# Überprüfungen:
This report shows whether or not the requirements derived from the various protection needs analyses (PNAs) for the resources can be met in terms of the maximum justifiable recovery time in each case.
#:* Sie können einen Konformitätsbericht von einer oder mehreren Überprüfungen generieren.
# Verantwortliche: (nur Compliance Manager)
#:* Sie können einen Konformitätsbericht von einem Verantwortlichen generieren, bei der alle Überprüfungen, die diesem Verantwortlichen zugeteilt sind, analysiert werden.
# Organisationseinheiten: (nur Compliance Manager)
#:* Sie können einen Konformitätsbericht zu einer Organisationseinheit generieren, bei der alle Überprüfungen, die in dieser Organisationseinheit zugeteilt sind, analysiert werden.


[[Media:Konformitätsbericht Beispiel Überprüfung.pdf| Konformitätsbericht Beispiel: Überprüfungen]]
The report can be generated without restriction to a resource. Then it is shown how well the requirements derived from all PNAs are met for all involved resources with regard to the maximum justifiable recovery time.


[[Media:Konformitätsbericht Beispiel Verantwortlicher.pdf |  Konformitätsbericht Beispiel: Verantwortlicher]]
If the report is restricted to a resource (e.g., a specific hardware component), only resources that require this resource (e.g., specific applications and databases) to be able to work functionally are included in the evaluation. Only PNAs that define requirements for these resources are then considered.


=== Konformitätsbericht nach Standards und Normen ===
<big><b>Create RTO-Fulfillment report</b></big>


In diesem Bericht soll die Erfüllung der Voraussetzungen in den einzelnen Anforderungsbereichen des Standards grafisch dargestellt werden. Die Erfüllung der Anforderungspunkte wird visuell in Form von Spinnendiagrammen, Tortendiagrammen oder Tachos dargestellt. Für die Darstellung werden Fragen, die mit Ja, Nein oder Teilweise beantwortet wurden, zu Reifegraden umgewandelt. "Nein" entspricht Reifegrad 1, "Teilweise" Reifegrad 3 und "Ja" entspricht Reifegrad 5.
To generate a RTO fulfillment report, first choose the resource for which the RTO fulfillment is to be analyzed and configure the report via the options.  


*Standards und Normen
Then, click the pink download button to generate the report.
::Sie können einen Konformitätsbericht zu einem Standard oder einer Norm generieren. In diesen Berichten werden alle - auf eine Norm gemappte - Prüfobjekte mit ihrer Beantwortung ausgewählt. Zusätzlich kann der Bericht auf eine Organisationseinheit eingeschränkt werden, was es ermöglicht die Erfüllung einer Norm für einzelne Organisationseinheiten auszuwerten.


[[Media:Konformitätsbericht Beispiel Norm.pdf |  Konformitätsbericht Beispiel: Norm]]
<big><b>Report options</b></big>


Zu Beachten:
This report contains calculations of statistics, key figures or other content requiring explanation. An appendix with explanations is therefore generated by default. If this is not desired, this report option can be deactivated.
* In den Berichten werden nur Überprüfungen / Prüfobjekte dargestellt, die dem ausgewählten Managementsystem zugeteilt sind.
* Ebenso werden zur Auswahl nur Überprüfungen angeboten, die im ausgewählten Analysezeitraum angelegt wurden.
* Über die Berichtsoptionen können zusätzliche Informationen, die im Bericht sein sollen, konfiguriert werden.


Anschließend klicken Sie auf den jeweiligen Button "Bericht als PDF herunterladen", um den Konformitätsbericht zu generieren.
It can also be decided whether fulfilled or not fulfilled requirements should appear in the report or not.


== Standards und Normen ==
It is also possible to configure how much information about the relevant resources is printed in the report.


[[Datei:Standards und Normen Berichte.png|left|thumb|800px|Standards und Normen Berichte]]
[[Datei:RM RTO Erfüllung Bericht erstellen.png|left|thumb|902px|Create RTO fulfillment report]]
<br clear=all>
<br clear=all>


=== Statement of Applicability (SOA)===
<span id="RPO-Erfüllung"></span>
=== RPO-Fulfillment ===
 
This report shows whether the requirements derived from the various protection needs assessments (PNAs) for the resources in terms of maximum acceptable data loss can be met in each case or not.
 
The report can be generated without restriction to a resource. Then it is shown how well the requirements derived from all PNAs are met for all involved resources with regard to the maximum acceptable data loss.
 
If the report is restricted to one resource (e.g., a specific hardware component), only resources that require this resource (e.g., specific applications and databases) to be able to work functionally are included in the evaluation. Only PNAs that define requirements for these resources are then considered.
 
<big><b>Create RPO-Fulfillment report</b></big>


In diesem Bericht wird dargestellt, welche Kapitel der Norm im Managementsystem "anwendbar" bzw. "nicht anwendbar" sind. Dazu findet sich die Begründung zur jeweiligen Anwendbarkeit und die mit den Kapiteln verknüpften Maßnahmen und Kontrollen.
To generate an RPO-Fulfillment report, first select the resource for which RPO-Fulfillment is to be analyzed and configure the report using the report options.  


<u>Maßnahmen:</u>
Then, click the pink download button to generate the report.
*Grün = Abgeschlossene Maßnahmen
*Orange = Ausgesetzte Maßnahmen
*Blau = Offene Maßnahmen


<u>Maßnahmen zu Kapiteln: </u>
<big><b>Report options</b></big>
*Rot = Kapitel ohne Maßnahmen
*Blau = Kapitel mit offenen Maßnahmen
*Grün = Kapitel mit erledigten Maßnahmen


<u>Kontrollen zu Kapiteln:</u>
This report contains calculations of statistics, key figures or other content requiring explanation. An appendix with explanations is therefore generated by default. If this is not desired, this report option can be deactivated.
*Orange = Ausgesetzte Kontrollen zu Kapiteln
*Grün = Aktive Kontrollen zu Kapiteln
*Rot = Kapitel ohne Kontrollen


=== Management Summary ===
It can also be decided whether fulfilled or not fulfilled requirements should appear in the report or not.


In diesem Bericht finden Sie einen Überblick über das Management, über die Summe, Art und Status von Maßnahmen sowie Kontrollen, die einem/r bestimmten Standard/Norm zugewiesen wurden. Die Auswertung aggregiert die Ergebnisse auf der ersten Kapitelebene des/der Standards/Norm für einen besseren Gesamtüberblick.
It is also possible to configure how much information about the relevant resources is printed in the report.


[[Media:Management Summary Beispiel Bericht.pdf | Management Summary Beispiel Bericht]]
[[Datei:RM RPO Erfüllung Bericht erstellen.png|left|thumb|902px|Create RPO-Fulfillment report]]
<br clear=all>
-->

Aktuelle Version vom 16. Mai 2025, 08:42 Uhr

HITGuard offers the possibility of generating various risk management reports under "Risk management → Reports".

Report selection


To create a report, first choose a type of report. Subsequently, choose which data to include in the report (e.g. risks or reviews). Most reports also have additional report options which allow further specification of the report's contents.

Knowledge bases can be made available in different languages due to stored translations for used knowledge bases. For example, to generate a report with the English texts, the language must be changed using the flag icon at the top right of the screen, next to the logout button. This will load all content for the reports in the desired language, provided that a translation in that language is available for the knowledge base.

Download options:
The reports are available for download as PDF or DOCX files. Click the pink button to generate and download a report. Then, choose whether the report should be downloaded as a PDF or DOCX.

Additionally, there is the option to generate and archive the reports including revision information. In doing this, the report can be viewed, generated anew, or downloaded again by an expert under "Administration → Report archive". More information about this can be found under "Administration → Report archive".

When generating reports with revision information in the archive, there is also the option to send the report by e-mail to various recipients right away. More information about this can be found in the report archive and under "Administration → Report archive".

Remembering report options:Some of the report options can be found for various reports. For these, the selected options are remembered within the management system and for the individual user, and then also applied for other reports with that same option. For example, if the option "Table of contents" is selected, then it will already be selected when accessing any other report pages that use this option.

Licenses:
If no valid license for HITGuard is available, this will be displayed in the footer of the report! To change this, an expert or administrator has to request/upload a license under "Administration → Licensing".

The following reports are offered in the risk management section of HITGuard:

Risks and opportunities

General risk/opportunity report

In this report, details on risks and opportunities are presented. In addition, the risks and opportunities are positioned in a risk matrix according to their criticality. The measures and controls to be taken or already taken can be displayed for the individual risks and opportunities. Furthermore, the development of the risks and opportunities over time can be displayed.

Caution:Users with the Compliance Manager role will also see measures and controls from all other management systems.

Example risk management report: Risks without M/C details incl. temporal development

Generate risk/opportunity report

To generate a risk/opportunity report, you have to navigate to "Risk Management → Reports → Risks & opportunities → General". There you have several options to generate the report:

  1. Risks and opportunities: You can generate a risk/opportunity report for one or more risks. However, you can only generate reports in management systems to which you are assigned.
  2. Structural elements: You can list all the risks and opportunities assigned to the selected structural elements.
  3. Responsible person(s) (compliance manager only): You can generate a risk/opportunity report in which all risks and opportunities are listed for which a specific team or a person is responsible.

    After that, just click on the pink download button to generate the report.

Report options
Table of contents This option determines whether a table of contents is included in the report.
Gaps Lists all gaps linked with the risk/opportunity.
Measures Dictates whether open AND/OR suspended AND/OR completed measures are printed.

Determines whether the progress overview AND/OR progress protocol AND/OR remarks are printed for the measures.
Controls Dictates whether active AND/OR suspended AND/OR deactivated controls are printed.

Determines whether the statistic AND/OR execution protocol AND/OR remarks are printed for the controls. Determines control executions of which status are included in the execution protocol.
Temporal development Lists the entries of the temporal development of the risk/opportunity in a chapter of their own.
Appendix with explanations Adds an appendix with various explanatory texts to the report.
Generate risk/opportunity report


Gross-net report

This report lists details about the development of a risk or opportunity. The focus of the report, therefore, lies on the aspect of the gross-net-risk/opportunity, which is managed with measures and controls. All to-be-implemented as well as already implemented measures and controls are listed for the individual risks or opportunities. The gross risk/opportunity as well as the possible net scenarios can be displayed separately. If desired, the development over time of the risk/opportunity can also be displayed.

Caution: The measures and controls from other management systems are only visible for users with the role "Compliance manager".

Example gross-net-risk report: Gross and net risk with matrices, no details for M/C

Create gross-net report

To generate a gross-net report, you have to navigate to "Risk Management → Reports → Risks & opportunities → Gross-net". There you can generate the report for a selected risk or opportunity with different characteristics. Reports can only be created for risks or opportunities in management systems one is authorized for. (The exception are compliance managers, who can generate reports for all risks and opportunities in all management systems.)

Click the pink download button to generate the report.

Report options
Table of contents This option determines whether a table of contents is included in the report.
Treatment of the current risk/opportunity Determines whether the measures and controls for the treatment of the current risk/opportunity are included in the report.
Gross risk/opportunity Determines whether the evaluation of the gross risk/opportunity is included in the report.
Treatment of the gross risk/opportunity Determines whether the measures and controls for the treatment of the gross risk/opportunity are included in the report.
Ability to control Determines whether the ability to control of the already implemented sets of measures and controls are included int he report.
Net risk/opportunity Determines whether the evaluation of the net risk/opportunity is included in the report.
Best case AND/OR Most likely case AND/OR Worst case Determines whether and which scenarios of the net risk/opportunity are included in the report.
Matrices Determines whether, in addition to textual information, the evaluation of the gross risk/opportunity and the scenarios of the net risk/opportunity are included in the report as images.
Measures Determines for the measures whether the progress overview AND/OR the progress protocol AND/OR remarks are included in the report.
Controls Determines for the controls whether the statistic AND/OR the execution protocol AND/OR remarks are included in the report. Determines as well whether irrelevant control executions are to be considered in the report.
Time evolution Lists the entries of the risk/opportunity's time evolution in a separate chapter.
Appendix with explanations Adds an apendix with different explanatory texts.
Create gross-net-risk report


ESG

Reports on fields of action can be created here. In addition to the fields of action, detailed information on the risks, opportunities and effects of the fields of action is also printed. The report can be configured with a variety of reporting options so that risks, opportunities and impacts are presented according to your needs.

Create ESG report

To create an ESG report navigate to "Risk management → Reports → ESG". Then, choose the topic followed by the fields of action for which you want to generate a report, and configure it via the report options.

To generate the report click the pink download button.

Report options
Table of contents This option determines whether a table of contents is included in the report.
Fields of action without score If this option is selected, fields of action that do not have a score are printed in the report. Otherwise, the report only contains fields of action that have a gross and/or net score.
Tabular description If this option is selected, all fields of action are additionally printed in the form of a table at the beginning of the report. This is to give an overview of all fields of action selected from the list.
Content from underlying fields of action With this you determine whether linked risks, opportunities, and impacts from lower levels of the hierarchy are printed with fields of action from higher levels of the hierarchy.
Non-material fields of action If this option is selected, non-material fields of action can be included in the report.

Whether a field of action is seen as material or not is configured under "Risk management > Settings".
Example: If the threshold for the financial materiality is set as 15, a field of action must have a financial materiality of 16 or higher, unless the option is selected. The same principle applies to the impact materiality.
Detailed description With this you determine if and which details for the fields of action are to be included in the report:

- gaps
- measures incl. choice of status and details
- controls incl choice of status and details (also for their executions)
- Time evolution

Appendix with explanations Adds an apendix with different explanatory texts.
Create ESG reports


Protection needs

In this report, the results of either one or multiple protection needs analyses are displayed. Choices can be made regarding the summary of the results as well as their details. Additionally, it's possible to add an appendix with explanations for the basis of the assessment in the protection needs analysis.

Generate protection needs report

To generate a protection needs analysis, you have to navigate to "Risk management → Reports → Protection needs". Then, choose which protection needs analysis to generate the report for and configure this via the report options.

To generate the report click on the pink download button.

Report options
Extent of damage This option determines which resources are included in the report. The report includes all resources that have at least one evaluation of the selected extent of damage or worse.
Table of contents This option determines whether a table of contents is included in the report.
Summary If a report contains multiple protection needs analyses, this option can add a summary of all results in the form of a crosstab to the report.
Summary details Prints a list of all interviews included in the data basis of the report above the crosstab.
Interview results Adds the rationale for the assessments of the individual protection needs and the crosstab for each interview to the report.
Appendix with explanations Adds an apendix with different explanatory texts.
Create protection needs reports


Gap analyses

In this report, the results of either one or multiple gap analyses are displayed. When choosing the reviews, take note that they are limited by the chosen analysis period. An array of report options allow you to configure the reports to be displayed the way you need them.

Example gap report: reviews without proposals ZR 5
Example gap report: responsible with proposals ZR 3
Example gap report: organizational unit all audit questions without proposals ZR 2

Generate gap analysis report

To generate a deviation report navigate to "Risk management → Reports → Gap analyses". There, you have several options to generate such a report depending on your role:

  1. Reviews: This report contains all information about the selected reviews. The selection shows only reviews from the current management system in the selected analysis period (with the report options to the right).
  2. Responsible(s) (Compliance manager only): This report contains all reviews the selected person(s) or team(s) is/are responsible for.
  3. Organizational unit (Compliance manager only): This report contains all reviews that have been created for an organizational unit. The selection shows only organizational units for which reviews exist in the current management system and within the selected analysis period.

It is possible to create a report for several analysis periods. For this, change the analysis period among the report options to the right. Then, the reviews of the chosen analysis period are made available.
Caution: If you select a new analysis period, the reviews from the previous ones will no longer be displayed, but will remain selected.

After that, click on the respective pink download button to generate the gap report.

Berichtsoptionen
Selection of the analysis period This option determines which analysis period the report elements come from.
Selection of the target score For reports including review questions, this option determines when they are counted as a gap. If the answer is below the set vgalue, it is a gap.
Target score on the cover page Steuert, ob der gewählte Target Score am Deckblatt des Berichts angedruckt wird.
Table of contents This option determines whether a table of contents is included in the report.
Review Header data: if activated, all available information on the review is printed in the header data. If not, the report only shows the reviewed organizational units, beginning an dend of the review, as well as the participants, if filled in.

The remining options determine whether review remarks are printed, and whether and which graphics are included in the report (bar chart AND/OR compliance spider charts).
Review object Header data: if activated, all available information on the review object is printed in the header data. If not, the report only shows name of the review object.

The remining options determine whether and which graphics are included in the report (donut charts AND/OR scoreline).
Treatment plan by determination type Prints the treatment plan (meaning the measures and controls) clustered by determination type at the beginning of the report. This is only possible, if the determination type for reviews is activated in the audit management module.
Note: The treatment plan does not include positive determinations (model implementation).
Find out more on determination types here.
Tabular evaluation of review questions Prints an overview of the review questions and results with their answers in the form of a table. The cells containing the answers are colored as per the target score. Unnecessary review questions/results are grey. Not answered review questions/results are colorless and marked with "-". Anwered information gatherings are marked with "answ.".

All OR Only positive OR Only negative:
Determines for the table whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.

Information gatherings AND/OR Unnecessary AND/OR Not answered:
Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the table.
Detailed evaluation of review questions Prints a detailed overview of the review questions and results with various additional information in the report.

All OR Only positive OR Only negative:
Determines for the detailed evaluation whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.

Information gatherings AND/OR Unnecessary AND/OR Not answered:
Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the detailed evaluation.

Answer AND/OR Justification AND/OR Description AND/OR Protection targets AND/OR Measures & controls:
Determines the inclusion of these elements in the detailed overview of the review questions/results.

Move to appendix:
If this option is selected, the detailed evaluation of the review questions and results is moved from the main body of the report into the appendix.
List attachments/evidences Prints the file names of attachments/evidences in the report..
Embed image attachments Image files (.jpg or .png) attached to review questions and/or review results are also embedded in the report as images. The file names of the respective images are printed below them. If available, the timestamp of the capture is also printed. Consequently, the file size of the report is larger and generation can take a little longer.
Attachments/evidences as zip-file The report is downloaded in a zip-folder along with any attachments/evidences. Links are listed in a .txt file.
Appendix with explanations Adds an apendix with different explanatory texts.
Create gap analysis report


Conformity

Choose conformity type

Here, you can generate reports to show the conformity with a standard or norm as well as the results of gap analyses.

These reports show a distinct average score for each requirement or norm chapter.

Weightings of review questions are not considered.

Evaluation by standards and norms:

Review questions mapped to chapters of standards and norms are considered for the calculation of score values. These can be answered in reviews. Review questions from various reviews can populate this evaluation. Review questions can be mapped to all chapter levels.

Example: ISO 9001 chapter 6 Planning, which consists of 3 subchapters.

  • Chapter 6 Planning (Score = 2.85)
    • Review question 1: Score = 2
    • Review question 2: Score = 2
    • Score for calculation: (2 + 2) / 2 = 2
  • 6.1 Measures for the handling of risks and opportunities (Score = 4)
    • Review question 3: Score = 3
    • Review question 4: Score = 5
    • Score for 6.1: (3 + 5) / 2 = 4
  • 6.2 Quality objectives and planning to their achievement (Score = 4)
    • Review question 5: Score = 4
    • Score for 6.2: (4) / 1 = 4
  • 6.3 Planning of Changes (Score = 3)
    • Review question 6: Score = 3
    • Review question 7: Score = 3
    • Score for 6.3: (3 + 3) / 2 = 3

To get the score for chapter 6, first the averages of the subchapters must be calculated (4 + 4 + 3) / 3 = 3.7. Then the value is calculated with the averages of the review questions of the main chapter (3.7 + 2) / 2 = 2.85.

Evaluation by reviews:

The evaluation by reviews is done on the basis of the contained topics (review objects). The final score of a review comes from the averages of the individual review object results. The score of the review objects comes from the average of the contained review questions.

Example: Review per ISO 9001 for chapter 5 Management (Score = 3.66) and chapter 6 Planning (Score = 3.14)

  • Chapter 5 Management (Score = 3.66)
    • Review question 1: Score = 3
    • Review question 2: Score = 5
    • Review question 3: Score = 3
    • Score = (3 + 5 +3) / 3 = 3.66
  • Chapter 6 Planning (Score = 3.14)
    • Review question 1: Score = 2
    • Review question 2: Score = 2
    • Review question 3: Score = 3
    • Review question 4: Score = 5
    • Review question 5: Score = 4
    • Review question 6: Score = 3
    • Review question 7: Score = 3
    • Score = (2 + 2 + 3 + 5 + 4 + 3 + 3) / 7 = 3.14

Note: For chapter 6 the same review questions were used as for the evaluation by standards and norms.

Conformity report by reviews

The purpose of this report is to graphically illustrate the fulfillment of the prerequisites based on individual reviews. The fulfillment of the prerequisite points is presented visually in the form of spider diagrams, pie charts or tachometers.

Generate conformity report by reviews

Depending on your role there are different ways of generating this report.

  1. Reviews: You can generate a conformity report for the selected reviews.
  2. Responsible (Compliance manager only): You can generate a compliance report for one responsible person or team, where all reviews assigned to this responsible person or team are listed with their respective evaluation.
  3. Organizational units (Compliance manager only): You can generate a compliance report for an organizational unit, where all reviews assigned in this organizational unit are listed with their respective evaluation.

Example conformity report: Reviews
Example conformity report: Responsible

Berichtsoptionen
Selection of the analysis period This option determines which analysis period the report elements come from.
Selection of the target score For reports including review questions, this option determines when they are counted as a gap. If the answer is below the set vgalue, it is a gap.
Target score on the cover page Steuert, ob der gewählte Target Score am Deckblatt des Berichts angedruckt wird.
Table of contents This option determines whether a table of contents is included in the report.
Review objects/questions in table of contents This option determines whether the table of contents also contains individual review objects/questions.
Review Header data: if activated, all available information on the review is printed in the header data. If not, the report only shows the reviewed organizational units, beginning an dend of the review, as well as the participants, if filled in.

The remining options determine whether review remarks are printed, and whether and which graphics are included in the report (bar chart, donut diagram, compliance spider charts). The "unnecessary" option in this position affects all donut diagrams of the report.
Review object Header data: if activated, all available information on the review object is printed in the header data. If not, the report only shows name of the review object.

The remining options determine whether and which graphics are included in the report (donut charts AND/OR scoreline).
Tabular evaluation of review questions Prints an overview of the review questions and results with their answers in the form of a table. The cells containing the answers are colored as per the target score. Unnecessary review questions/results are grey. Not answered review questions/results are colorless and marked with "-". Anwered information gatherings are marked with "answ.".

All OR Only positive OR Only negative:
Determines for the table whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.

Information gatherings AND/OR Unnecessary AND/OR Not answered:
Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the table.
Detailed evaluation of review questions Prints a detailed overview of the review questions and results with various additional information in the report.

All OR Only positive OR Only negative:
Determines for the detailed evaluation whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.

Information gatherings AND/OR Unnecessary AND/OR Not answered:
Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the detailed evaluation.

Answer AND/OR Justification AND/OR Description AND/OR Protection targets AND/OR Measures & controls:
Determines the inclusion of these elements in the detailed overview of the review questions/results.

Move to appendix:
If this option is selected, the detailed evaluation of the review questions and results is moved from the main body of the report into the appendix.
List attachments/evidences Prints the file names of attachments/evidences in the report..
Embed image attachments Image files (.jpg or .png) attached to review questions and/or review results are also embedded in the report as images. The file names of the respective images are printed below them. If available, the timestamp of the capture is also printed. Consequently, the file size of the report is larger and generation can take a little longer.
Attachments/evidences as zip-file The report is downloaded in a zip-folder along with any attachments/evidences. Links are listed in a .txt file.
Appendix with explanations Adds an apendix with different explanatory texts.
Create conformity report by reviews


Conformity report by standards and norms

The purpose of this report is to graphically illustrate the fulfillment of the prerequisites in each requirement area of the standard. The fulfillment of the prerequisite items will be visually represented in the form of spider diagrams, pie charts, or tachometers. After selecting a standard, a list of applicable knowledge bases and their various versions will appear. From this, choose all knowledge bases and versions thereof which are to be part of the report's data basis.

For display purposes, questions answered Yes, No, or Partially are converted to scores. "No" corresponds to score 1, "Partial" corresponds to score 3, and "Yes" corresponds to score 5.

Generate conformity report by standards and norms

First, the desired norm or standard must sbe selected for which a conformity report is to be generated. If the option "Include mapped standard chapters" is selected, the mapped standard/the mapped norm can be selected from a second list. Then, the knowledge bases to be considered in the report must be selected.

The selected knowledge bases form the basis for the evaluations in the report. Only knowledge bases that have a mapping to the selected standard and at least one review object (of a gap analysis) are displayed. If a review object exists in several versions, only the one with the highest version is considered. If a restriction is also made to an OrgUnit, the highest version of the review object that is linked to the OrgUnit is used. In addition, note that reviews may not be in the state "Draft" or the respective knowledge bases will also not be listed.

Berichtsoptionen
Selection of the target score For reports including review questions, this option determines when they are counted as a gap. If the answer is below the set vgalue, it is a gap.
Selection of a time period from-to This option determines from which time period between a beginning and an end date the report elements are taken.
Selection of the OU This option determines which organizational units are considered for the report.
Target score on the cover page Steuert, ob der gewählte Target Score am Deckblatt des Berichts angedruckt wird.
Table of contents This option determines whether a table of contents is included in the report.
Review objects/questions in table of contents This option determines whether the table of contents also contains individual review objects/questions.
Only closed reviews With this option, only reviews in the state "Closed" are included in the report.
Report format Determines in which format the evaluation is displayed in the report:
- Tabular evaluation
- Tabular evaluation + graphical evaluation of the main chapters
- Graphical evaluation of the main chapters
- Graphical evaluation of the main chapters & subchapters incl. question
Detailed evaluation of review questions Prints a detailed overview of the review questions and results with various additional information in the report.

All OR Only positive OR Only negative:
Determines for the detailed evaluation whether all evaluations, only positives as per the target score, or only negatives as per the target score are included.

Information gatherings AND/OR Unnecessary AND/OR Not answered:
Determines the inclusion of information gatherings and those review questions/results marked as unnecessary or unanswered in the detailed evaluation.

Answer AND/OR Justification AND/OR Description AND/OR Protection targets AND/OR Measures & controls:
Determines the inclusion of these elements in the detailed overview of the review questions/results.

Move to appendix:
If this option is selected, the detailed evaluation of the review questions and results is moved from the main body of the report into the appendix.
Include mapped standard chapters If the selected standard/norm refers to other standards/norms via mappings, the review questions and results linked with those chapters can be included in the report with this option.
Include not applicable chapters in the statistics Determines whether chapters marked as not applicable in the management system are considered in the report.
Include review results If selected, manually created review results are also considered (meaning those not coming from a knowledge base).
Appendix with explanations Adds an apendix with different explanatory texts.
Conformity by standard or norm


Standards and Norms

Reports about standards and norms can be generated here.

Select report for standards and norms


The chapter applicability for the reports is calculated as follows:

Scenario Chapter
Scenario 1: Chapter 1 - without measures
Chapter 1.1 - with a measure
Chapter 1.2 - with a measure

The applicability of chapter 1 is 100%, because all chapters below have assigned measures.
Scenario 2: Chapter 1 - with a measure
Chapter 1.1 - without measures
Chapter 1.2 - without measures

The applicability of chapter 1 is 100%. As the measure is assigned to the super-chapter, it also counts towards the sub-chapters.
Scenario 3: Chapter 1 - without measures
Chapter 1.1 - with a measure
Chapter 1.2 - without measures

The applicability of chapter 1 is 50%, because only half of its sub-chapters have measures assigned to them.

Statement of Applicability (SOA)

This report shows which chapters of the standard are "applicable" or "not applicable" in the management system. It also includes the justification for each chapter's applicability and the measures and controls associated with the chapters.

  • Donut charts show the number and status of assigned measures & controls. The total number of chapters in the evaluation corresponds to the number of chapters at the lowest level. If a measure or control has been assigned to a chapter, it is also assigned to all its sub-chapters. Thus, if a super-chapter has assigned a measure or control, it behaves in the same way as if all sub-chapters had assigned that measure or control.
  • In the donut diagrams, the scope of the standard is taken into account. If this has been restricted, chapters marked as not applicable are not taken into account. This can be canceled by activating the option Include not applicable chapters in the statistics.

The data basis can thereby be restricted to an earlier analysis period. In this case, only measures and controls that already existed in the selected analysis period are taken into account.

With the option "Include mapped standard chapters", the database can be extended to mapped standard chapters. This means that if standard S1 has a chapter C that is mapped to standard S2 chapter C (S1.C => S2.C) and a report is generated from standard S1, the report will also include actions and controls that are mapped to standard S2 chapter C. This behavior also applies to chapters mapped from S2.C.

Measures Green = Completed measures
Orange = Suspended measures
Blue = Open measures
Measures for chapters Red = Chapter without measures
Blue = Chapter with open measures
Green = Chapter with completed measures
Controls for chapters Orange = Suspended controls to chapters
Green = Active controls to chapters
Red = Chapters without controls

Generate Statement of Applicability (SOA)

To generate an SOA, choose a standard/norm and configure the SOA via the report options. Click on the pink download button to generate the report.

Report options
Table of contents This option determines whether a table of contents is included in the report.
Statistic In the statistic, the fulfilments are determined on the basis of the total number of chapters. Only the subchapters are included in the calculation.
Example: A standard consists of one superordinate chapter and three subchapters. The calculation basis for the statistic is 3 (= total number of subchapters). The superordinate chapter is only used for structuring purposes.
Scope Determines whether the scope recorded in the standard is included in the report.
Measures and controls details Determines whether details for included measures and controls are printed in the report.
Linked documents Determines whether documents from the doc management linked with the standard or norm are printed in the report.
Include mapped standard chapters If the selected standard points to other standards, then the measures and controls that are related to that standard chapter will be taken into account when choosing this option.
Include not applicable chapters in the statistics Determines whether chapters marked as not applicable in the management system are considered in the report.
Appendix with explanations Adds an apendix with different explanatory texts.
Statement of Applicability


Management Summary

This report provides a management overview of the measures and controls assigned to a standard/norm:

  • Donut charts show the number and status of assigned measures & controls. The total number of chapters in the evaluation corresponds to the number of chapters at the lowest level. If a measure or control has been assigned to a chapter, it is also assigned to all its sub-chapters. Thus, if a super-chapter has assigned a measure or control, it behaves in the same way as if all sub-chapters had assigned that measure or control.
  • A bar chart shows the number of measures & controls by main chapters. The number is the sum of the measures or controls assigned to the main chapter and each sub-chapter below it. A measure or control assigned several times is only counted once per main chapter.
  • The report takes into account the scope of the standard. If the scope is limited, chapters marked as not applicable are not taken into account. This can be canceled by activating the option "Include not applicable chapters in the statistics".

    The data basis can thereby be restricted to an earlier analysis period. In this case, only measures and controls that already existed in the selected analysis period are taken into account.

Example report: Management Summary

Generate Management Summary

To generate a management summary, choose a standard/norm and configure the management summary via the report options. Click on the pink download button to generate the report.

Report options
Selection of the target score For reports including review questions, this option determines when they are counted as a gap. If the answer is below the set vgalue, it is a gap.
Statistic In the statistic, the fulfilments are determined on the basis of the total number of chapters. Only the subchapters are included in the calculation.
Example: A standard consists of one superordinate chapter and three subchapters. The calculation basis for the statistic is 3 (= total number of subchapters). The superordinate chapter is only used for structuring purposes.
Measures and controls details Determines whether details for included measures and controls are printed in the report.
Include mapped standard chapters If the selected standard/norm refers to other standards/norms via mappings, the review questions and results linked with those chapters can be included in the report with this option.
Include not applicable chapters in the statistics Determines whether chapters marked as not applicable in the management system are considered in the report.
Appendix with explanations Adds an apendix with different explanatory texts.
Management Summary


Structural analysis

Reports on RTO and RPO fulfilment can be generated here. You can find more information on RTO and RPO under "Risk management → Structural analysis".

Select RTO or RPO report


RTO-Fulfillment

This report shows whether or not the requirements derived from the various protection needs analyses (PNAs) for the resources can be met in terms of the maximum justifiable recovery time in each case.

The report can be generated without restriction to a resource. Then it is shown how well the requirements derived from all PNAs are met for all involved resources with regard to the maximum justifiable recovery time.

If the report is restricted to a resource (e.g., a specific hardware component), only resources that require this resource (e.g., specific applications and databases) to be able to work functionally are included in the evaluation. Only PNAs that define requirements for these resources are then considered. Generate RTO-Fulfillment report

To generate a RTO fulfillment report, click the pink download button.

Report options
Table of contents This option determines whether a table of contents is included in the report.
Statistic Determines whether a statistic with graphics on the degree of fulfillment and coverage is included.
Fulfilled requirements Determines whether identified fulfilled requirements are included.
Not fulfilled requirements Determines whether identified not fulfilled requirements are included.
Resources with defined information Determines whether resources with defined information are included.
Resources with undefined/irrelevant information Determines whether resources with undefined or irrelevant information are included.
Appendix with explanations Adds an apendix with different explanatory texts.
Create RTO report


RPO-Fulfillment

This report shows whether the requirements derived from the various protection needs assessments (PNAs) for the resources in terms of maximum acceptable data loss can be met in each case or not.

The report can be generated without restriction to a resource. Then it is shown how well the requirements derived from all PNAs are met for all involved resources with regard to the maximum acceptable data loss.

If the report is restricted to one resource (e.g., a specific hardware component), only resources that require this resource (e.g., specific applications and databases) to be able to work functionally are included in the evaluation. Only PNAs that define requirements for these resources are then considered. Generate RPO-Fulfillment report

To generate an RPO fulfillment report, click the pink download button.

Report options
Table of contents This option determines whether a table of contents is included in the report.
Statistic Determines whether a statistic with graphics on the degree of fulfillment and coverage is included.
Fulfilled requirements Determines whether identified fulfilled requirements are included.
Not fulfilled requirements Determines whether identified not fulfilled requirements are included.
Resources with defined information Determines whether resources with defined information are included.
Resources with undefined/irrelevant information Determines whether resources with undefined or irrelevant information are included.
Appendix with explanations Adds an apendix with different explanatory texts.
Create RPO report



Abgerufen von „https://userguide.hitguard.de/index.php?title=Berichte_für_das_Risikomanagement/en&oldid=34722
Zuletzt geändert
Diese Seite wurde zuletzt am 16. Mai 2025 um 08:42 Uhr bearbeitet.