Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook
Academy home
Helps
Task assurance methods

In Cyberday, you have different options to gather assurance for different tasks. Sometimes, the chosen assurance method very much depends on the type of the task itself, but you can always add additional assurance to strengthen your overall task assurance level. In this article, you can read more about the different assurance methods and how to use them.

Primary assurance methods

You can find four primary assurance methods in Cyberday: connecting documentation, linking reports, creating and sharing guidelines and linking a security system.

Linked documentation

Maintaining related documentation is the main assurance method for some of the organizational tasks in Cyberday. You will see a link to already created documentation items or you will find e.g. "0 data systems". By clicking the link you will be taken to the documentation list (in this case: data systems).

Examples of organizational themes that require maintaining documentation are e.g. asset management, risk management, partner management or incident management.

Read more about documentation in Cyberday here.

Example of a task, which has connected documentation items.

Linked reports

The linking (or creation) of a report is the main assurance method for some of the organizational tasks in Cyberday. When you activate a task, which requires you to link a specific report and you open the task card, you can find an overview of the reports, which are needed as assurance for this specific task. If you have already created any of the needed reports, those are automatically linked there. In case you do not yet have that report, you can click the "+ create report" button and you will be taken straight to the report, which you can adjust if needed.

Example screenshot of how a task card, which requires the linking of a report looks like.

Read more about reporting in Cyberday here.

Linked guidelines

For "people tasks", the main assurance method is the creation and sharing of guidelines for the employee guidebook. The employees can then read and accept the guideline by accessing their individual Cyberday Guidebook. If you activate and edit a task which connected guidelines, you can find a link to the guidelines section, which leads you to the list of activated and suggested guidelines for this task. If you already have some guidelines activated and shared with your employees, you can also see a progress bar as a quick overview of the current acceptance rate of your employees.

If you click on the link, you will get to the guidelines section of the policy and you can receive more detailed information about the guideline, its acceptance and further, you can activate skill tests and case examples or edit the guideline itself.

How an activated guideline looks like when you click on the link in the task card, in this case "12 remote work and mobile devices", see screenshot below
Example of a task, which requires the linking of guidelines.

Linking a security system (technology)

For the technical kind of tasks, you can simply link the correct security system. When opening and linking the security system, you will see a list of suggested options or you can type your individual system, if you can't find it from the list.

The task card will show if it is a technical task and if you need to connect a technical system.

When scrolling over the box with the "1. Security systems", a small pencil icon will appear next to the "technical" mark. Click on the pencil and a new window will open, in which you can select the technical system of your choice and then click "done". After that is done, you can add a process description or more assurance (see paragraphs below).

Other assurance methods

In addition to the above listed methods of gathering assurance, you can add more information and assurance to your tasks in order to make them even more strong.

Writing a process description

The process description is an important part of collecting evidence for how a task is being carried out. You can find the spot for the process description in the implementation tab of your task card. You can use that room to give more detailed information about how the task is being carried out.

For most of our tasks, you can also find a template or an example text of how the process description could look like. You can use this and adapt it to your needs, in order to make it fir to your organization's task implementation. Note: always make sure that the information you are giving in the process description are correct and up to date, meaning if you decide to use one of the templates for the description, make sure it fits your organization's actual task implementation process.

Review cycle for a task

You can increase your confidence on the task information being accurate by enabling a task review. Review can be set to monthly, quarterly, bi-annual or annual frequency.

The point of task reviews is to request the task owner to confirm that all related information on the task is up-to-date. We recommend enabling a review especially for high priority tasks.

Additional assurance options

Under the link "Additional assurance information" in the bottom of the task card, you can find a list of other assurance options that you can add to your task. This can mean either the

  • linking of external files (make sure you have a SharePoint link in the organization settings): You will get the option to select from the SharePoint after you have clicked this option
  • linking of a security system (if you are managing a task rather in a technical way, even if the task type originally was another one)
  • divide the implementation, if for example different sites or units are participating in the task implementation in different ways
  • involve other employees in the monitoring (so they have to check that they have done their part of the task)
  • add additional guidelines to share to your selected employees in regard of that task
  • how-to instructions: if you want to add a more detailed description of how this task is being carried out to ensure the correct way of working with this task

(See screenshot below for further information about the above mentioned options.) You can add any additional assurance information to your task at any point. The more assurance you are collecting for a task, the stronger its security layer for your organization will get.

Additional assurance options in Cyberday

Questions and feedback

Do you have any further questions, would need another help article or would like to give some feedback? Please contact our team via team@cyberday.ai or the chat box in the right lower corner.

Content

Share article