Managementsysteme/en: Unterschied zwischen den Versionen

← Zum vorherigen Versionsunterschied Zum nächsten Versionsunterschied →

Version vom 19. Februar 2026, 14:54 Uhr

Administrators and Expert Experts can create, edit, and manage management systems via "Administration → Management systems". Experts can only edit the management systems for which they are responsible.

What is a management system?

A management system bundles data related to a certain topic. Management systems contain beinhalten measures, controls, protection needs analyses, gap analyses, Audits, Tickets and other elements. These entities only exist inside management systems. Master Data will not be restricted to specific management systems.

Expert- Professional- and Observer- Users are added to management systems. This gives them access to the data in the management system and allows them to perform analyses and assign tasks. The data they manage in the management system is historicized by analysis periods, making it comparable.

What purpose do management systems serve?
Management systems have three key functions:

They serve to categorize measures, controls, or risk identifications of selected departments into subject areas.
- For example: Measures from information security audits are managed in one management system, while measures from quality management audits are managed in another. Both subject areas are and remain separate.
Management systems define who is responsible for the subject area and who else works with the data.
- For example: Mr. Smith is responsible for the QM management system, but does not have access to the ISMS management system. Ms. Jones, on the other hand, is responsible for the ISMS management system and occasionally works in QM. She has access to both management systems.
They are used to assign progress surveys and other data to time periods and to analyze corresponding key figures and trends.
- For example: Mr. Smith collects progress data from ten departments every six months, while Ms. Smith evaluates her data quarterly.

Deleting a management system:

The deletion of a management system can only be performed by the responsible expert.
The deletion of management systems is only possible as long as no active analysis periods are included.

Licenses:

The grid overview in HITGuard shows how many licenses are currently available and how many are in use. This makes it possible to see at a glance whether one is underlicensed or still has licenses for additional management systems. More information about the licenses can be found under "Administration → Licensing".

Master data

A management system is configured in the master data. The settings made here affect the measures and reports to be created.

Edit master data

Here, the name, the responsible person(s) and the team members for a management system are defined and entered.

Every management system can have one or more experts or teams made up of experts be responsible. The members of the management system team must be experts, professionals, or observers.
Management systems can only be edited by the responsible person(s) or the administrators once they have been created.

Evaluation schema Evaluation schemas are a way to evaluate reviews according to a different schema, like the target maturity schema.

Possible evaluation schemes are:

Yes/No/Partial
CMMI process model
Grade system (1-4)

The third option is not available for selection by default. To get this option for selection, contact our team.

Management system settings

If protection targets are activated here, they are activated by default in the risk policy of risk management. This in turn has an impact on risk assessments and analyses. These protection targets can then be used within the management system. Protection targets can be managed and created by experts under "Risk Management → Risk Policy". (See protection targets)

The standards and norms that are to be used in this management system can be configured here.

Standards that are not selected here are visible in existing mappings, but can no longer be selected or changed in this management system. They are also not considered when further mapped norm chapters are included in reports (e.g., Compliance report by Standard or Norm).

For example, if the standard "GDPR" is not selected, it cannot be selected for the evaluation of the compliance spider in the risk management dashboard according to "GDPR".

Data protection add-on:

This activates the Data Protection module for this management system. Data protection experts, professionals and observers can then create and manage data protection, processing activities, data protection impact assessments and more via the Data Protection menu item.

Case management add-on:

Specifies whether this management system should be used to report incidents. This makes the Case Management menu item visible to users authorized for case management.

Audit management add-on:

Specifies whether this management system should be used to manage audits and audit programs. This makes the Audit management menu item visible to users authorized for audit management.

E-mail settings

If an e-mail setting is configured here, then all reminders that originate from this management system will be sent via this e-mail address. If you do not use an e-mail account of your own but the one provided by TogetherSecure, the sender address needs to end in @hitguard.at.
If no e-mail setting is configured here, then all e-mails will be sent from that address that is stored in the global settings.(see Global e-mail settings)

Define interval schema

The interval schema is used to define whether analysis periods should follow a predefined rhythm.
Analysis periods can be:

Manually set: Here, the time restriction is defined manually with a from-to date. This is set individually for each period.
Start date plus interval: Here, a year is divided into three analysis periods. For example, starting with 2/1 to 5/31/2021; 6/1 to 9/30/2021 and 10/1 to 1/31/2022.

Reminders via e-mail

The current setting for progress message reminders is displayed here. This setting ensures that an implementer of a task is reminded of its implementation via e-mail before the period expires.

This setting must be made directly in the database!

If you want to change this setting, please contact our team.

Analysis period and history:

Purpose

Analysis periods classify data into timespans that can be evaluated. Therefore, analysis periods are regularly closed and a successor analysis period is created.

Some KPIs, such as criticality of open measures, are based on analysis periods. Similarly, you can choose the analysis period that you want to evaluate for some reports, for example the reports for gap analyses.

For two elements in HITGuard, the link to the analysis period is very strict. Because of this strict link, these two elements can block you from creating a successor analysis period. These elements are progress reports and processing activities.

For both elements, you can use a workflow to request editing by practitioner users. As long as this editing is not fully completed — that is, as long as (a) the practitioner has not returned the task and (b) the expert user has not accepted it — you cannot create a successor analysis period.

You can only create a successor analysis period when all progress reports and all processing activities have been fully completed and accepted.

To create a successor analysis period click on the Button to the lower right. Then you can set the date values for the new analysis period, or you let HITGuard fill them in (see Intervallschema definieren).

Active analysis period

Begin and end:

An analysis period can be as short or as long as the organization requires. In principle, the begin and end date can be on the same day; however, the begin date must not be after the end.

Editorial deadline::

Relevant for the the measures and control management. The date by which all progress reports for the measures in an analysis period should be completed. Progress reports can also be requested manually at any time via "Measures → Progress reports". This date must be set before or on the date of the analysis period end.

Target score:

The target score describes the target status for all gap analyses. If you are below a target score in an analysis, the answered review question is recognized as a gap. The identified gaps should be assigned risks in the next step and treated by measures and controls. If the evaluation schema is changed, the target score needs to be adapted.

Included OrgUnits:

Organizational units are required to report in the analysis periods to which they are assigned. This means, they must submit progress reports on the measures assigned to them by the editorial deadline. An organizational unit can also report simultaneously in several management systems or analysis periods.
If new organizational units are created during an analysis period, they are automatically added to the analysis period if their parent organizational unit is assigned to that analysis period. However, if the organizational unit does not have a parent organizational unit assigned to this analysis period, then it must be added manually.

Transfer to subsequent analysis period:

When transferring an analysis period to the next one in connection with the measure and control management, all tasks that do not have the status "completed" are transferred to the new analysis period and adapted according to the respective status. The completed measures will of course not be followed up in the next period.

Delete an analysis period

The deletion of an analysis period can only be triggered by the responsible expert.
The deletion of analysis periods is only supported as long as no progress reports have been created.
Only the current period to analyze can be deleted at any one time; completed periods can no longer be deleted.

Past analysis periods

The history lists the analysis periods which have already been completed with start, end and editorial deadline.

Code generation

Here you can set the default of whether an automatic code should be created for any new elemtents, and for which ones. The structure of the code can also be configured here. Upon creation of a management system, the configuration is taken automatically from the global settings, but it can be changed and adapted here at any time.

The general prefix is used at the beginning of the code for all selected elements.
The first column allows you to select all elements that are to be generated with an automatic code.
Prefix: a string of letters, digits, or special characters that clearly labels the element (e.g., M for measure). The default entry can be changed.
OrgUnits abbr.: decides whether the element's code also includes the code of the organizational unit. Elements that aren't directly associated with any organizational unit do not have this option activated (e.g., hazard situations or processes).
OrgUnit abbr. suffix: a delimiter between the OrgUnit code and the final digit string (e.g., _ or -).
Minimum precision: the minimum number of digits to be included in the resulting string. At least 1 and at most 10 can be entered. With a number of 4, the resulting strings would be, for example, 0001, 0026, or 0184.

@@ Zeile 34: / Zeile 34: @@
 <b>Licenses:</b>
-<div class="mw-translate-fuzzy">
+The grid overview in HITGuard shows how many licenses are currently available and how many are in use. This makes it possible to see at a glance whether one is underlicensed or still has licenses for additional management systems. More information about the licenses can be found under [[Special:MyLanguage/Lizenzierung| "Administration → Licensing"]].
-The overview shows how many licenses are currently available and how many are in use. This makes it possible to see at a glance whether one is underlicensed or still has licenses for additional management systems. More information about the licenses can be found under [[Special:MyLanguage/Lizenzierung| "Administration → Licensing"]].
-</div>
 <span id="Stammdaten"></span>