Compliance management
In order to meet the high internal and legal compliance requirements of companies, sound compliance management is required. HITGuard enables you to identify both weaknesses and potential for improvement in various areas. The findings from the analyses can be specifically addressed with the help of HITGuard and the compliance of your organization can be continuously developed.
- Import of knowledge databases with thematically grouped sets of test questions
- Mapping of your own internally created specifications as evaluable standards
- Proposals for measures to address identified potential for improvement
- Monitoring proposals for regular review of the effectiveness of implemented measures
- Evaluation of compliance according to various standards/norms and internal guidelines
Detailed knowledge databases
A knowledge database contains test questions on various topics based on standards, norms and/or expert knowledge. Using the question catalogs included, you can identify relevant deviations from the state of the art and thus potential weak points in the company. Risks can be derived from this in the next step. Knowledge databases therefore ensure that all relevant factors are identified and consequently addressed.
- Provide documented evidence of compliance with external and internal requirements.
- Gain transparency in the progress of your management system through the historicized answering of audit questions.
- Use the check question catalogs from knowledge databases in your risk and audit management.
- Report on your compliance and audit coverage using configurable dashboards.
- Share your insights with customized variance analysis reports.
Use of external know-how
The knowledge databases offered originate from experts in the respective field and are created by TogetherSecure or renowned partners. Alternatively, they are derived from regulations for standards and norms and labeled as such.
- Check compliance with laws, standards and norms as well as the maturity level of your organization.
- Customize the parameters of your analyses to your requirements by selecting specific topics and test objects.
- Implement targeted measures and demonstrate their effectiveness by means of recurring checks.
Integration of internal know-how
If required, those responsible for a management system can create their own knowledge databases that are precisely tailored to the respective management system or corporate governance requirements. Company-specific knowledge is recorded in these databases, for example on guidelines, the handling of projects or internal regulations.
- Import your question catalogs or create them directly in the tool with your own wizard.
- Benefit from the different types of test question structuring to map your requirements.
- Create associated measures and controls yourself and link them to the test questions.
- Send check questionnaires for self-assessment to several responsible persons or external parties at the same time.
Examples:
- Checking the compliance of various departments
- Questions about cloud security for potential service providers or suppliers
Knowledge library in HITGuard
The following knowledge bases are available on a subscription basis for users who, for example, want to check their compliance with various standards and norms, make their risk analyses more comprehensive or prepare for various certifications:
- IT baseline protection compendium of the BSI in the latest version
- Assessment for the implementation of information security management in accordance with ISO/IEC 27001:2013
- Information security management template package for the healthcare sector
- Industry-neutral template package for information security management
- Industry-neutral template package for data protection management
- Assessment for the implementation of the General Data Protection Regulation
- B3S in the healthcare sector
- VDA ISA Self Assessment
- PCI DSS Self Assessment
Proposals for measures and controls
In addition to the test questions, our knowledge databases contain suggestions for appropriate measures and controls. Users who analyze vulnerabilities with the knowledge databases are not left alone with newly identified vulnerabilities: HITGuard also supports them in handling these as part of risk management.
Option for updates
TogetherSecure and its partners are constantly developing the knowledge databases offered in subscriptions. This includes the incorporation of innovations in official standards and norms when they are published. In-house developments are also regularly updated with new findings and advances. The updates also work for knowledge databases that a management system has expanded or revised itself. Those responsible decide for themselves whether the updates should be adopted or not.