Glossary
Dependencies
Dependencies are relationships between structural elements (organizational units, processes, resources, data categories, and suppliers). They show how strongly elements depend on each other and which risks are particularly critical for which elements.
Ability to control
An ability to control is the assessment of the quality of the already implemented set of measures and controls for managing a risk or an opportunity. It shows how well the company is able to control the risk through existing measures and controls. The available assessment options for the ability to control can be configured in the risk policy.
Clarification needed
During a review, it may be unclear how a review question should be answered. Sometimes follow-up questions arise that can’t be answered right away. These review questions can be marked with “Clarification needed”. They are then listed in the overview under Risk management → Vulnerabilities → Clarification needed, where they can be worked through easily.
More on the Clarification needed tag can be found under Vulnerabilities → Clarification needed.
Gap
A gap represents a difference from the desired target score, which is detected in a gap analysis or a review result. The target score is defined in the management system. Generally, gaps are underperformances, i.e., audit or review questions that were answered negatively, which are then presented as risks or aggregated into such and can be addressed and remedied with measures. Overperformances are also detected; these can be useful in opportunity management.
Find more on gaps here.
Gap analysis
A gap analysis, the most common form of review in HITGuard, captures gaps from the target state. Traditionally, this involves answering a catalog of review questions from a knowledge base, where gaps from the intended target score are detected. It can be conducted as an interview or forwarded to the person responsible and/or the interview partner for self assessment.
In daily work, gap analyses are sometimes also referred to as vulnerability analyses. Find more on gap analyses here.
Dossier
A dossier is created for one or more tickets in case management and helps the support team in solving the reported problems, clarifying circumstances, and handling incidents. Aside from the relevant tickets, reviews, risks, measures, and controls can also be linked to the dossier.
Find more on dossiers here.
Traffic light control
The traffic light system in HITGuard displays the status of a measure using colors to visually represent deadlines and analysis periods.
Find more on the traffic light control here.
Analysis period
An analysis period divides the data of a management system into time periods. This serves to make different elements of a management system analyzable and comparable. Using various KPIs on the dashboard, the analysis periods can be compared with one another.
Analysis periods are defined by Experts in the management system and entered manually or at fixed intervals. Each analysis period has a start date and an end date, a target score, and the included organizational units can be defined. For the tracking of measures, a deadline for progress reporting is additionally set, so progress reports can be obtained in a timely manner.
Find more on analysis periods under Administration → Management systems.
Change log
In HITGuard, two functions are referred to as 'change log':
- Change logs for reviews track the changes in the status of the review, recording the date and time, as well as the responsible user.
- Change logs for controls track the developments of controls in even more detail. Each step of the controls workflow, including changes to text in input fields, is recorded with a timestamp. Even if the Expert subsequently makes changes, for example to the status, this is recorded.
Attachment
In many elements in HITGuard (review questions, measures, controls, etc.), you can upload attachments. You can manage them under "Uploaded attachments," either in the licensed Doc management or as an Expert under Administration.
Audit
An audit is a collection of reviews (interview appointments) on a specific topic. This could be, for example, the questioning of multiple locations in a country on the topic of occupational safety. Multiple audits can be summarized in an audit program.
Audit cluster
To make the planning of audit programs and audits easier, organizational units that are close to each other either regionally or thematically and are therefore often audited together, can be grouped into audit clusters.
Find more on audit clusters under Audit management → Audit clusters.
Audit planner
The audit planner is a tool for planning and managing audits. With the audit planner, you can create reviews within an audit, fill them with review objects, and initiate revaluations.
Audit program
An audit program is a collection of audits on a specific topic. An audit program could, for example, include all surveillance audits of an ISO 27001 certification within a year.
Threat
A threat is an element that represents the cause of a potential hazard. Threats can be linked to gaps and risks and should thereby make them concrete.
Companions
Companions support external lead-auditors in the execution of reviews.
Observer
Observers are a user role in HITGuard.
For more on user roles, see Administration → Users/User roles.
Support team
The support team is the team that's responsible for incoming tickets in the case management.
Find more on the support team here.
Data subject category
Data subject categories are categories of persons subject to the processing of data. They are recorded in HITGuard and then linked with data categories in the course of processing activities.
Find more on data subject categories here.
Treatment and coping strategies
Strategy is, alongside the probability of occurrence and the extent of damage, the most important characteristic of risks and opportunities. Risks are reduced with coping strategies, while the positive potential of opportunities is increased with treatment strategies.
Find more on risks and opportunities here.
Relationship
Relationships are links between organizational units, processes, resources, data categories, and suppliers, which are depicted in the structural analysis. They can depict hierarchical relationships or dependency relationships. Relationships are created manually or through a protection needs analysis.
Gross risk
The gross risk is the assessment of a risk at its initial discovery, before it has been addressed with measures and controls and, hopefully, reduced.
Find more on risks and opportunities here.
Business service
A business service is a resource that brings together different applications that serve similar purposes. Example: Instead of evaluating and discussing e-mail, phone, and MS Teams individually, one can create a business service called "Communication services" and evaluate it as a conglomerate.
Opportunity
An opportunity can be a collection of positive gaps that represents an opportunity or forms a concrete potential for the linked entities. Opportunities can be viewed and processed under Risk management > Risks & opps. They can be in various states and are addressed with measures and controls. A range of KPIs provides further information about the state of the opportunities.
Find more on risks and opportunities here.
Co-auditor
Co-auditors support internal lead-auditors in the execution of reviews.
Compliance manager
Compliance managers are a user role in HITGuard.
For more on user roles, see Administration → Users/User roles.
Dashboard
A dashboard in HITGuard is a configurable page with one or more key figures, which can be used for evaluations and reporting.
Find more on dashboards here.
Data category
Data categories are core data. They are used to categorize data for use in HITGuard. For example, there is a data category Employee Data, which lists contact data, bank data, and contract data of the employee as subcategories. The data categories can be viewed in the structural analysis, where you can see in which applications, via which processing activities, and in which departments they are processed.
Find more on data categories here.
Data class
Data classification characterizes the confidentiality of the data and specifies how data should be handled. This depends on the confidentiality of the data and the associated desired level of protection. The number of categories, the name of the data class, as well as its description, are freely definable under Risk management > Risk policy.
DPIA
DPIA stands for data protection impact assessment (DSFA in German). According to the GDPR, a documented decision must be made for each processing activity (PA) as to whether a data protection impact assessment (DPIA) is to be carried out. This is done in the course of a so-called DPIA requirement assessment. This DPIA and DPIA requirement check can be performed in HITGuard under Data protection → DPIA.
Probability of occurrence
The probability of occurrence is the estimated probability of the occurrence of a specific event in a given future period (e.g. 1x in 30 years). Classes of probabilities of occurrence can be defined in the risk policy. The number of categories, the name of the occurrence probability classes as well as their description and stored occurrence probabilities (in frequency per period) are freely configurable.
Find more on risks and opportunities here.
Necessity test
The necessity test is the step towards knowing whether a DPIA needs to be performed for the assigned processing activities.
Recognized on
In measures you need to record when the necessity of the implementation was recognized. Therefore, this field is mandatory.
Recognized at
It is possible to note in measures through which event the necessity of the measure's implementation was recognized. If a measure is created out of a risk or out of a review, this field is prefilled with its name.
Initial assessment
During initial assessments, a review (a protection needs analysis or gap analysis) is performed for the first time. The results can then be used for further work or analysis in HITGuard.
Experts
Experts are a user role in HITGuard.
For more on user roles, see Administration → Users/User roles.
Externals (data protection)
Externals in the context of data protection are external legal or natural entities, meaning companies or people, who receive personal data from your company or transmit them to you. Externals can be recorded under Data protection > Externals.
Find more on externals in data protection here.
External auditors
External auditors are lead auditors from outside the organization who do not have their own HITGuard access. They should therefore always conduct audits with a companion. They can be created under Audit management > External auditors and then be entered as lead auditors in audits and reviews. External auditors can be persons or organizations.
Determination type
The recording of determination types can be activated in the audit management settings. Then, the following additions are available with the answers in reviews: major deviation, minor deviation, note, recommendation, model implementation. They can be especially highlighted in KPIs and reports.
Progress report
A progress report is a notification by the responsible(s) for a measure to the responsible(s) of a management system, telling them the current status of a measure. Usually, progress reports are requested, but they can be reported proactively if the option is activated.
Find more on progress reports here.
Function
Functions can be used in audit management to display more information on reviews. For example, a single user can be questioned through the lens of a team leader or a facility manager.
Find more on functions here.
Global settings
The Global settings contain configuration options that affect the entire production system and all management systems.
Find more on the Global settings here.
ID in third party system
In HITGuard, it is possible to import existing data, e.g. risks or organizational units, from other sources (e.g. SAP). The ID makes it possible to keep data consistent across applications. If an import is performed and the ID of the import data set matches an existing ID, then a new data set is not imported, but the existing data set is updated with the import data set.
Example: You use SAP to manage organizational units and import them monthly to HITGuard to bring all changes from SAP into HITGuard.
For more information, see Data import.
Information gathering
An information gathering is a review question in a knowledge base that does not have an evaluation. Information can be gathered here, such as number of employees or regulatory documents.
Interview
If a review or protection needs analysis in HITGuard is of the type interview, that means that the task is not completed by the interview partner. The lead-auditor and any co-auditors/companions execute the assessment as an interview together with the responsibles and/or interview partners and themselves fill out all forms.
Interview partner
The interview partner is the person who provides the information within the framework of an assessment. In the case of a gap analysis, the interview partner answers the review questions. In the case of a protection needs analysis, the interview partner provides information about the resources and data categories that an OrgUnit or a process uses. Both types of assessments can be conducted as an interview or as a self assessment.
Edge
An edge is a connecting line between two entities in the structural analysis. It shows whether there is a relationship of dependence, what direction the dependence runs in (arrow direction, who depends on whom) and with which percentage the dependence is weighed.
Find more on edges and their use here.
Control definitions
Control definitions are the basis of controls in HITGuard. They are given master data, implementers, examiners, and a repetition schema by Experts or Professionals.
Control
Controls are the repeating tasks that are triggered on the basis of control definitions.
KPI
The term KPI stands for key performance indicator and is used in business administration to describe key figures that can be used to measure and/or determine progress or the degree of fulfillment with regard to important objectives or critical success factors within an organization. In HITGuard, KPIs can be added to dashboards and are used to give overviews and for reporting.
Find more on dashboards here.
LDAP
LDAP or Lightweight Directory Access Protocol is a network protocol standard that can be used in HITGuard to authenticate users. This allows users to log in using the credentials from your Authentication Provider.
For more information about this, see Login options and Global settings.
Lead auditor
The lead auditor is the auditor in charge of the corresponding reviews. He or she leads the interviews with the interview partners and is supported in this by co-auditors or companions. If you create a review, your user is automatically preset as lead auditor, but this can be changed.
Supplier
A supplier is a type of core data in HITGuard. They represent companies or organizations that provide input goods or resources, such as applications. You can use this master data only with the Supplier Risk Management add-on.
Find more on suppliers here.
Supplier user
Supplier users represent the contact persons in supplier organizations. With the Supplier Risk Management add-on, you can create these supplier users so that the contact persons can log in to the supplier portal to respond to the supplier assessments that you send to them.
Supplier assessment
The supplier assessment is a specialized form of vulnerability analysis that can be used with the Supplier Risk Management add-on. With it, you can send an assessment to your suppliers, who will answer it via their own portal.
Local management representative
If the audit management is activated for a management system, one can configure the Local Management Representative under Administration > Organizational units. This is the audit coordinator and contact person that should be defined for every OrgUnit of the type company.
Management system
A management system bundles elements that belong together by content, meaning measures and progress reports, controls, determinations and gaps, audits and reviews, etc.
The elements are assigned to a team of responsible experts and professionals in terms of monitoring and workflow handling (e.g. information security management team or data protection team). Also, all elements managed in it are historized in terms of analysis periods and thus made comparable.
Measure
A measure is a one-off task in HITGuard that is assigned to a person responsible for its implementation. Progress can be monitored regularly to track the implementation. Measures help, for example, to reduce risks in their management system and to correct discovered vulnerabilities.
Ticket
In HITGuard, whistleblowers can report incidents, or employees and other stakeholders can ask questions. For this, there is a dedicated portal that can be activated to submit reports. These reports are sent to the staff of the management system so that they can answer and process them or ask questions back. Reports can be open or anonymous depending on the setting.
Find more on tickets here.
Model segment
Model segments represent different types of resources. In the structural analysis, model segments can be shown or hidden separately to tailor the evaluation. The application layer and the business service layer represent resources that are used directly by parts of the organization. The IT infrastructure represents the underlying servers and databases. OT infrastructure stands for production machinery, physical security, e.g., for buildings or server rooms. The process layer collects additional resources that do not correspond to the other categories.
Net risk
Net risk is the expected assessment of the risk after all planned future measures and controls have been implemented. It represents an expected value for the future and is divided into best case, most likely case, and worst case.
Find more on risks and opportunities here.
Revaluation
When revaluating, a review (a protection needs analysis or gap analysis) is carried out again to update the results of the preceding analysis. For this, a new review is created in which the previous results can also be carried over. This happens either manually or through the workflow plan. In the gap analysis, there is also the option to perform a semi-automatic revaluation.
Norm-mapping
Norm-mappings are references to chapters of standards and norms that are used for evaluating them. For example, measures, control definitions, review objects, or documents can be related to standards and norms. There are also mappings between individual standards and norms in HITGuard to allow them to be evaluated against each other. Norm-mappings document which regulatory requirements or compliance mandates are covered by the respective object. The mapping can be performed manually when creating an object, or automatically applied when, for example, a measure is created from a risk.
OrgUnit
OrgUnit or organizational units map the structure of a company. They are part of the core data. A company usually consists of several organizational units that participate in the individual processing steps, which in turn take place in one or more organizational units. The creation and processing of data in these organizational units during the individual process steps is predominantly IT-supported using IT systems. In HITGuard, the relationships between OrgUnits and other core data can be modeled with the Structural analysis.
Partisanship
The partisanship shows whether an audit is internal or external.
Practitioners
Practitioner is a user role in HITGuard.
Find more on user roles here.
Professionals
Professionals is a user role in HITGuard. Find more on user roles here.
Process
A process is a set of related activities that transform inputs into outputs. A process can be encapsulated and part of another process and/or contain or trigger other processes. Processes often cross departmental and operational boundaries and are part of the process organization of an operation. These process structures can be represented and analyzed in the structural analysis.
Process question
Process questions are review questions in knowledge bases that are answered with a level of maturity as per the CMMI model (maturity level 0 to maturity level 5).
Examiner
The examiner in HITGuard is the user who verifies the execution of a control.
Find more on controls here.
Review result (RR)
The review result, alongside gap analysis, is a form of vulnerability analysis. With a free-form review result, for example, the contents of an external report or audit can be documented as a vulnerability analysis. This way you can map the identified vulnerabilities in HITGuard and continue working with them, even if you do not have a knowledge base that serves as a template here.
Review question
A review question is a single question within a review. It serves to capture the status of a small, clearly defined topic area. It usually comes from a knowledge base or a template and is answered by the auditor or interview partner in order to determine deviations from the target state. The answers to review questions form the basis for identifying vulnerabilities that can later be linked to risks, measures, or controls.
Review object
Review objects are collections of review questions, which can either be freely created (review result) or come from topics in knowledge bases (gap analysis). Review objects are evaluated by answering review questions, and these answers are combined to form an average value. Through revaluations, a history of the review object is created, in which the development of the review object can be traced.
Approval behavior
The approval behavior specifies how it is decided whether a control is deemed to have been successfully carried out when multiple examiners are involved. The approval behavior can be configured in the control definition.
Find more on control definitions here.
Editorial deadline
The editorial deadline is the date by which all progress reports for the measures of an analysis period should be completed. You can configure this response date in the management system. This date must be before or on the end date of the analysis period.
Resource
Resources are core data. They are IT or OT systems, people, buildings or other entities that are required for the execution of processes or for the functionality of an organizational unit. HITGuard offers the possibility to model resource structures and to graphically display their effects and dependencies on other systems via the structural analysis.
REST API
The data import/export interface of HITGuard is a REST API that complies with the OpenAPI 3.0 specification. It is therefore an API that can be used by applications. With this interface you can have various systems interact with HITGuard, for example to import information.
Find more on the REST API here.
Revision information
There is also the option when generating reports to generate and archive the reports with revision information. This allows the report to be viewed, regenerated, and downloaded again at any time by experts under Administration > Report archive. If you create the report with revision information, you can edit the title for the report's cover page and record additional information. This includes data classification, copyright, revision number, revision date, and various names and dates.
Risk
A risk can be a collection of negative deviations that pose a concrete threat to the organization. Risks can be viewed and managed under Risk management > Risks & opps. They can be in various states, are linked to master data in the structural analysis, and are addressed with measures and controls. A range of KPIs provides further information about the state of the risks.
Find more on risks and opportunities here.
Risk ratio
The risk ratio indicates how serious a risk is or how favorable an opportunity is. It is calculated by multiplying the risk factor for the probability of occurrence by the risk factor for the extent of damage/benefit. Based on the risk ratio, the risk or the opportunity is placed in the risk matrix and color-coded.
Find more on risks and opportunities here.
Risk matrix
The risk matrix is derived — for each protection class — from the combination of the extent of damage or benefit (vertical) and the probability of occurrence (horizontal). In the matrix, the respective risk factors are multiplied to obtain the risk ratio. The larger the risk ratio, the more critical a risk is and the more urgently it must be addressed in order to prevent serious consequences. The risk matrix can also be used for opportunity management. In this approach, the axis of the extent of damage is expanded by benefit categories. The higher the opportunity factor (i.e., the further from zero), the greater the opportunity, and the more it should be exploited to reap the benefits.
Find more on risks and opportunities here.
Risk policy
The risk policy is a conglomerate of risk management settings in HITGuard. Among them are, for example, protection targets, extents of damage, probabilities of occurrence, or the risk matrix. Under Risk management → Risk policy, these and more factors can be configured for all management systems in order to get the maximum benefit from the different risk management analyses and workflows.
Find more on the risk policy here.
RPO
RPO or Recovery Point Objective indicates how much data loss can be accepted. The RPO specifies the period of time that can elapse between two data backups. In other words, it is the maximum amount of data/transactions that can be lost between the last backup and the system failure. If no data loss is acceptable, the RPO is 0 seconds. RPO is analyzed with the structural analysis.
RTO
RTO or Recovery Time Objective specifies how long a business process/system may be down. The RTO specifies the time that may pass from the time of damage until the complete recovery of the business processes (recovery of: infrastructure, data, reprocessing of data, resumption of activities). The time period can range from 0 minutes (systems must be available immediately) to several days, in some cases weeks. RTO is analyzed with the structural analysis.
Advisor
The advisor is the user that the responsible person asks for the completion of a task in the different HITGuard modules. For many elements, such as risks or processing activities, the responsible person as well as the advisor are set, in order to be able to delegate work.
Protection needs analysis
A protection needs analysis, also called the Business Impact Analysis (BIA), determines how critical resources or data categories are to the organization. It assesses how critical these elements are for organizational units or processes, and specifies which protection targets (e.g., confidentiality, integrity, availability) are affected and to what extent. The results form the basis for the structural analysis, in order to identify dependencies and risks and to derive appropriate measures and controls.
Find more on protection needs analyses here.
Protection target
Protection targets are fundamental security goals that define the aspects to which the management system should be oriented. They specify which properties of information or a system must be protected in order to minimize risks.
These protection targets are evaluated in the protection needs analysis and weighted to determine the organization's criticality. They feed into the risk assessment and the derivation of measures and controls.
Find more on protection targets here.
Vulnerability analysis
The vulnerability analysis is a review. Typically, it is a gap analysis.
Self Assessment
If a review, protection needs analysis or processing activity in HITGuard is of the self assessment type, then this means that this activity is to be carried out by the officer or interviewee, for example. The responsible Expert or Professional can then request a response to the activity from the advisor or interview partner. The advisor or interview partner answers this and returns it to the responsible person. The latter can then check and accept the response or request a new response.
Core data
Core data have two meanings in HITGuard:
- Core data are the data that represent your organization and its environment. Specifically, these are the organizational units, resources, processes, data categories, and suppliers. Expert users can maintain them in the Administration module. The master data are represented in the structural analysis as objects that relate to one another.
- Core data are the header data of different elements. These are the central input fields, such as name, description, default settings, or the linkage to other data.
Structural analysis
The structural analysis is the central representation of all relationships between organizational units, processes, resources, data, and suppliers. It links the results of protection needs analyses and vulnerability analyses, so that dependencies and risks become transparent. Through this interconnection, one can see how risks affect the structure, and where measures and controls are necessary to ensure security and compliance throughout the company.
Structural question
In knowledge bases, review questions can be stored as structural questions. They then control whether other review questions that lie beneath them are displayed or not. Their answers are not part of the score calculation. They merely define whether and which sub-questions should be answered. This can, for example, be the case when certain questions only need to be answered for locations above a certain size.
Target score
The target score is the defined target value that specifies the desired state for evaluating review questions or review results. It serves as a reference point to detect deviations from the ideal state. Each answer to a review question is compared with the target score. If the answer value lies below or above the target score, the review question is considered a deviation, a gap. (The answers 'Yes', 'No', and 'Partly' are translated here into numerical values.) You can set the target score in the management system.
Teams
Teams consist of at least one member and are responsible for implementing the tasks assigned to them (measures, controls, audits, business impact analyses, etc.). Members of a team are responsible for working on the tasks assigned to them and receive an e-mail requesting them to implement these tasks.
The team leader only has to have an overview of his team. He can see which tasks are assigned to his team, but is not responsible for the implementation (unless he is also a member) of these tasks. Therefore, he does not receive any e-mails requesting him to implement a task. However, he can still implement the tasks if necessary. Team leaders are only informed if the deadline is exceeded, e.g. by controls or progress reports.
Find more on teams here.
Technical question
Technical questions are review questions in knowledge bases that are answered with Yes, No, or Partially.
Semi-automatic revaluation
The semi-automatic revaluation updates review questions when a linked measure has been implemented and a post-change value for the gap has been recorded. HITGuard creates a new review for this and sets the relevant review questions to the defined post-change value.
Find more on the semi-automatic revaluation here.
Sub-question
Every structural question in a knowledge base can have sub-questions. Unlike structural questions, sub-questions are part of the score calculation. It is possible to define the answers depending on how the structural question was answered.
Topic collection
A topic collection in audit management lets you group different topics from knowledge bases. This helps when you frequently need to create reviews that access the same topics from different knowledge bases.
Find more on topic collections here.
TOMs
TOMs are technical and organizational measures or controls used for handling personal data.
According to Art. 32 GDPR, controllers and processors are required to take appropriate technical and organizational measures (TOMs for short) to ensure a level of protection appropriate to the risk. The criteria that TOMs must meet, as well as some examples of appropriate measures, are described in Art. 32(1) of the GDPR.
Find more on the creation and use of TOMs in HITGuard here.
Review
A review in HITGuard is a structured process to identify critical systems or deviations from the target state. Reviews are central to risk analysis and can be reassessed on a regular basis.
The protection needs analysis serves to determine the required protection for data and resources such as IT systems, buildings or software.
The vulnerability analysis (also called gap analysis) serves to identify vulnerabilities. In gap analyses you create a questionnaire based on a template, and for a review result you enter external reports in HITGuard. In doing so, review objects are evaluated, gaps identified and linked to risks, measures and controls.
Implementer
The implementer is set for control definitions. It is the user who executes the control after it has been triggered and then returns it for examination.
Find more about controls here.
Responsible
A responsible person (or multiple responsible persons) or a responsible team (or multiple responsible teams) can be set for the various elements in HITGuard. In the case of elements of the core data (e.g., resources or organizational units), the responsible person is of an informative nature only and not actively involved in any workflows. In the case of elements of the different management modules, the responsible person is also involved in workflows. For example, they implement measures and report their progress, evaluate risks and processing activities, and see reviews under My tasks.
The context of each element reveals the role of its responsible person, and their role can be looked up on the respective pages in the Online Help.
Processing register
A processing register in HITGuard is the collection of all processing activities of the management system. It can be structured into company and organizational registers.
Processing activity/PA
PA is the abbreviation for processing activity. A legal definition of the term can be found in Art. 4 of the GDPR, where the term "processing" is defined as follows:
- any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. This means that any operation or process which in any way processes personal data, whether the data is only stored or used for analysis, is a processing activity.
Effectiveness test
An effectiveness test is done to determine whether the implementation of a measure has achieved the desired effect in the short and/or long term. This is done in the form of a follow-up measure or a control that deals with the new status quo.
Knowledge base/KB
A knowledge base is a catalog of review questions used to determine compliance and score. Knowledge bases serve as the templates for gap analyses. Knowledge bases can be acquired from TogetherSecure as a subscription or created freely directly in the tool.
Find out more about knowledge bases under Administration → Knowledge bases.
Workflow
A workflow is an automated process in which different users interact on an element. These can be one-time or recurring tasks. For measures and controls, users give different feedback on the fulfillment of their tasks. Reviews and risks can also be sent to other users to be answered.
Workflow plan
Workflow plans are designed to trigger revaluations of protection needs analyses or vulnerability analyses. The one-time or recurring execution of workflows can be triggered automatically. HITGuard automatically generates a revaluation of already documented results from protection needs analyses, gap analyses, and review results.
Central management representative
The central management representative can be recorded under Audit management > Settings if the audit management add-on is activated. This user is then preset as the creator for all new audit programs.