Cyberday.ai
Get started
Login
Topics
ISO 27001
NIS2
Getting started
Framework management
Product security
Settings & advanced
Trial and subscription
User management
Community
Documentation
Personnel guidelines
Reporting
Task management
GDPR
Internal auditing
Personnel security
Risk management
Working as a partner
Continuous improvement
Team collaboration
Show all topics
Webinars
NIS2: Intro to NIS2 Directive and Cyberday
ISO 27001: Build a cyber security plan, that gets you compliant
May's monthly review for Cyberday admins (5/2024)
Show all webinars
Videos
Asset documentation
Continuously improving your ISMS
Cyberday overall intro
ISO 27001 and certification audit fundamentals
ISO 27001 and personnel awareness
ISO 27001 and risk management
ISO 27001 introduction
NIS2 introduction
Show all videos
Helps
Documentation
For admins
For partners
Frameworks
Guideline mgmt
Other features
Reporting
Setup and integrations
Task mgmt
User management
Show all helps
Blogs
Access Control & MFA (NIS2 21.2): Build A Solid Foundation with ISO 27001 Best Practices
Understanding HR Security Basics for ISO 27001 & NIS2 Compliance
Build your NIS2 measures for Business Continuity and Backups with ISO 27001
Best Practices from ISO 27001 for Secure System Acquisition and Development: Create your NIS2 measures
Potential Struggles IT Companies might Encounter with Incident Identification and Reporting Today
Show all blogs
Content library
Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.
Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.
Academy home
Helps
Using compliance reports

Using compliance reports

In Cyberday, you can see a compliance report for every framework you want to comply with. Compliance report serves as a comprehensive overview of your organization's answers to each requirement / control in the related framework.

Compliance report in ISO 27001 is called 'Statement of Applicability' or SoA

Compliance report overview

Where to find this view: Dashboard -> Compliance report (box upper right corner)

Compliance reports can be accessed either directly from the Dashboard's Requirement frameworks -section or through Reporting-page.

Compliance reports are designed to offer a clear and concise snapshot of an organization's compliance to the specified framework. Within this report, each requirement of the framework is presented with a color-coded cell, reflecting its current compliance status. The following colours are shown:

  • Dark green: All recommended tasks are set to status 'Fully done'
  • Green: When not consideing 'Low priority' tasks, all recommended tasks are set done
  • Light green: At least one task set done
  • Yellow: No tasks done, but at least one task set to active status
  • Grey: No tasks active (= nothing done)
  • Dark grey: Requirement set as 'not applicable' (directly from the report)
N.b.! If you set a task as 'Not relevant', it won't be considered in this above color categorization

A separate compliance report is automatically available for all of the frameworks supported in Cyberday.

You can see the overview from the visual presentation, but by clicking a cell you can then dive into the details.

Compliance report details for a requirement

The compliance report details for each requirement refer to the task table shown under a requirement on the reports main section. You can get there by clicking on any of the requirement numbers in the overview, e.g. click on the "5.15" from the ISO 27001 compliance report. You will jump directly to the following kind of view (red numbers explained below):

  1. The section, which you have clicked on may have additional other small sections. You can switch between those by clicking on either one under the main sections headline.
  2. Find a summary of the section treatment status and edit the requirement. The values for the requirements are filled automatically by default, but you can change the applicability and execution status manually here. E.g. state in there if that specific requirement is not applicable to your organization and why. Choose "not applicable" from the drop-down next to "Applicability" and write a free description. The section then will be greyed out in the overview table in the start of the compliance report.
  1. Here you can find a table with the tasks, which are suggested for the requirement in order to achieve compliance level. In the table you can see the task name, the task type (which is an indecator of the actions, which are required in order to fulfil the task), the assurance information, priority level (preset, if not changed manually) and the status, meaning if the task is active, partly done, done and so on. By clicking on the "+" on the left side of the task, you will get more information about the task, if there are any available. This requires the task to have already some input. By clicking on the "->" on the right side of the task, you will get straight to the task card, so you can start treating the task.
  2. If you would like to, you can add a free description to the (main) section of this part of the compliance report.

Key benefits of compliance reports

There are several different key points of a compliance report. In the following list, you will find some of the most important ones.

Understand your current compliance

Using the compliance reports you can get a common language about where your information security is currently. Are we 25%, 50% or 75% compliant, and is that enough or should we be doing better?

Evaluate your implementation of different requirements / controls

Compliance reports list our suggested tasks which you can use to implement selected requirements or controls. These are our suggestions and they have priorities from Critical / High / Normal / Low, so you should start from the top and do your own risk-driven thinking on how far you feel necessary to go on each topic.

You can surely also supplement the list of task suggestions with your manual task additions. To summarize, you can use the compliance report to get ideas about hardening your implementation on certain requirements / controls even further, e.g. if your analysis reveals big risks or near-miss incidents happen related to them.

Have compliance evidence

Compliance report tasks the frameworks structure, so that it helps e.g. an auditor or anyone familiar with a certain framework to look inside your ISMS. E.g. in a certification audit, the auditor will need to get evidence from you for implementing each of the requirements in the framework. Compliance report helps you have those answers.

What to use compliance reports for?

  • Internal evaluation: Organizations use these reports internally to assess their cybersecurity posture, identify the parts, that have not yet been handled and prioritize actions for improvement.
  • Internal and external auditing: Auditors, compliance assessors, or regulatory bodies may review these reports to ensure an organization complies with industry standards, legal requirements, or contractual obligations. You can also use our auditing feature to do your audits directly in Cyberday.
  • Risk management: It helps in understanding and managing cyber security risks by aligning controls with identified threats and vulnerabilities in addition to documenting and treating your risks directly in your ISMS. You can even activate i.e. incident reporting for your employees to have incidents being reported and documented to your ISMS in real time, so you can start the incident and risk management processes directly in Cyberday.
  • Security communication: It helps to communicate an organization's commitment to cyber security to stakeholders, clients, and partners and therefore creating trust and transparency.
  • Continuous improvement: The report serves as a roadmap for ongoing cyber security improvement efforts, guiding the organization in maintaining or enhancing its security posture. Cyberday will suggest you additional tasks to further strenghten your assurance.

In essence, a cyber security compliance report like the ISO 27001 Statement of Applicability is a crucial tool for organizations to demonstrate their dedication to protecting their sensitive information, ensuring compliance with regulations, and continuously improving their cyber security measures.

Questions and feedback

Do you have any further questions, would need another help article or would like to give some feedback? Please contact our team via team@cyberday.ai or the chat box in the right lower corner.

Content

Share article

Other similar content from Academy

Help articles

Content: Tasks, Documentation, Guidelines and Reporting
How can I export data from Cyberday?
How do I create cyber security reports?
How to use the (internal) audit feature
How to use the metrics feature
Incident management: Extension for employee security incident reporting through Guidebook
Linking existing SharePoint files to your Cyberday content
Multilingual work in Cyberday
Personalize the menu by pinning items
Posting, replies and notifications in Community
Printing tips for reports
Publishing embeddable reports on your website
Setting a custom logo for your organization
Share reports through Microsoft Teams channels
Using "security statement" reports
Using compliance reports
Visual mode draws out documentation item's connections
What kind of logging is available about changes in your Cyberday account?
What kind of notifications are available?

Subscribe to Academy today

Elevate Your Knowledge with Exclusive Access to Weekly Webinars, Video Courses, Help Articles, and Blogs.

Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.
Topics
Reporting
Framework management
Community
Team collaboration
Product security
Show all
Webinars
NIS2: Intro to NIS2 Directive and Cyberday
ISO 27001: Build a cyber security plan, that gets you compliant
May's monthly review for Cyberday admins (5/2024)
Show all
Videos
ISO 27001 introduction
NIS2 introduction
ISO 27001 and certification audit fundamentals
Asset documentation
ISO 27001 and personnel awareness
Show all
Helps
Documentation
For partners
Other features
Reporting
Guideline mgmt
Show all
Blogs
Access Control & MFA (NIS2 21.2): Build A Solid Foundation with ISO 27001 Best Practices
Understanding HR Security Basics for ISO 27001 & NIS2 Compliance
Build your NIS2 measures for Business Continuity and Backups with ISO 27001
Best Practices from ISO 27001 for Secure System Acquisition and Development: Create your NIS2 measures
Potential Struggles IT Companies might Encounter with Incident Identification and Reporting Today
Show all
Content library
Open content libraryLabs
Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.