Maßnahmen Einstellungen/en: Difference between revisions
Faha (Talk | contribs) No edit summary
Zeile 18: | Zeile 18: | ||
<br clear=all> | <br clear=all> | ||
== <span id="Impact classes"></span>impact classes == | == <span id="Impact classes"></span><span id="auskla"></span>impact classes == | ||
Impacts are divided into classes. The impact classes are based on the risk-bearing capacity of the company. The highest impact class should therefore be based on the maximum damage that the company can bear. Classes can be defined by administrators and experts. | Impacts are divided into classes. The impact classes are based on the risk-bearing capacity of the company. The highest impact class should therefore be based on the maximum damage that the company can bear. Classes can be defined by administrators and experts. |
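Review bot: The new anchor on the heading line, `<span id="auskla"></span>`, has an id that does not describe its target, and it sits beside the existing `id="Impact classes"`, which contains a space and is therefore not a valid HTML id. Suggest one descriptive, space-free id for the heading, keeping the old span only if existing links still point at it, and an edit summary naming the page that links to the new anchor, since this revision has none. The heading text is still lowercase ("impact classes"), which could be capitalised in the same edit.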
Revision as of 07:45, 15 November 2021
All settings and configurations made here are global. They affect all management systems and can be edited only by administrators or experts.
Effort classes
Effort describes how many resources (monetary, time) it takes to close a finding or implement the associated action. Effort classes can be defined. For example, there can be large, medium or small efforts. The number of classes, the name of the classes as well as their properties - monetary or human effort - are freely configurable.

Criteria for impact classes
Impacts are not necessarily of a monetary nature. They can also take the form of loss of effectiveness, damage to image or patient harm. For this reason, HITGuard offers the possibility to freely configure criteria for impacts. These criteria can then in turn be mapped to impact classes.
These are created under "Measures → Settings → Criteria for impact classes".
Impact classes
Impacts are divided into classes. The impact classes are based on the risk-bearing capacity of the company. The highest impact class should therefore be based on the maximum damage that the company can bear. Classes can be defined by administrators and experts.
Monetary damage:
- This defines how high a monetary damage is in a class.
Add criterion:
- Here you can map the already created criteria to an impact class. In addition, you should describe in the context of the class what damage must occur to satisfy a criterion.
Examples of impact classes:
| Impact class | Definition |
|---|---|
| Low | Monetary damage: > 5,000 euros and <= 25,000 euros |
| | Patient harm: minor and short-term inconvenience |
| | Loss of effectiveness: no or very limited impact on operations/procedures |
| | Data and system security: disclosure of a corresponding threat or vulnerability has negligible impact |
| Moderate | Monetary damage: > 25,000 euros and <= 100,000 euros |
| | Patient harm: temporary and minor injuries, medical intervention required |
| | Loss of effectiveness: very limited or nuisance effect on operations/measures |
| Catastrophic | Monetary damage: > 10 million euros |
| | Patient harm: death |
| | Loss of effectiveness: planned operations/procedures no longer feasible |
Deadline determination
The matrix for determining the deadline results from the combination of effort and impact. Experts must define, for every combination of effort and impact, how long it is acceptable to take to implement an adequate risk elimination/reduction measure. Based on this, the deadline of a measure is pre-populated starting from the date of the final report and set to the respective defined value. However, this value can still be adjusted manually in the measure.
Click on a cell in the matrix to change the settings.