In Cyberday, you have different options to gather assurance for different tasks. Sometimes, the chosen assurance method very much depends on the type of the task itself, but you can always add additional assurance to strengthen your overall task assurance level. In this article, you can read more about the different assurance methods and how to use them.
Primary assurance methods
You can find four primary assurance methods in Cyberday: connecting documentation, linking reports, creating and sharing guidelines and linking a security system.
Maintaining related documentation is the main assurance method for some of the organizational tasks in Cyberday. You will see a link to already created documentation items or you will find e.g. "0 data systems". By clicking the link you will be taken to the documentation list (in this case: data systems).
Examples of organizational themes that require maintaining documentation are e.g. asset management, risk management, partner management or incident management.
The linking (or creation) of a report is the main assurance method for some of the organizational tasks in Cyberday. When you activate a task, which requires you to link a specific report and you open the task card, you can find an overview of the reports, which are needed as assurance for this specific task. If you have already created any of the needed reports, those are automatically linked there. In case you do not yet have that report, you can click the "+ create report" button and you will be taken straight to the report, which you can adjust if needed.
For "people tasks", the main assurance method is the creation and sharing of guidelines for the employee guidebook. The employees can then read and accept the guideline by accessing their individual Cyberday Guidebook. If you activate and edit a task which connected guidelines, you can find a link to the guidelines section, which leads you to the list of activated and suggested guidelines for this task. If you already have some guidelines activated and shared with your employees, you can also see a progress bar as a quick overview of the current acceptance rate of your employees.
If you click on the link, you will get to the guidelines section of the policy and you can receive more detailed information about the guideline, its acceptance and further, you can activate skill tests and case examples or edit the guideline itself.
Linking a security system (technology)
For the technical kind of tasks, you can simply link the correct security system. When opening and linking the security system, you will see a list of suggested options or you can type your individual system, if you can't find it from the list.
When scrolling over the box with the "1. Security systems", a small pencil icon will appear next to the "technical" mark. Click on the pencil and a new window will open, in which you can select the technical system of your choice and then click "done". After that is done, you can add a process description or more assurance (see paragraphs below).
Other assurance methods
In addition to the above listed methods of gathering assurance, you can add more information and assurance to your tasks in order to make them even more strong.
Writing a process description
The process description is an important part of collecting evidence for how a task is being carried out. You can find the spot for the process description in the implementation tab of your task card. You can use that room to give more detailed information about how the task is being carried out.
For most of our tasks, you can also find a template or an example text of how the process description could look like. You can use this and adapt it to your needs, in order to make it fir to your organization's task implementation. Note: always make sure that the information you are giving in the process description are correct and up to date, meaning if you decide to use one of the templates for the description, make sure it fits your organization's actual task implementation process.
Review cycle for a task
You can increase your confidence on the task information being accurate by enabling a task review. Review can be set to monthly, quarterly, bi-annual or annual frequency.
The point of task reviews is to request the task owner to confirm that all related information on the task is up-to-date. We recommend enabling a review especially for high priority tasks.
Additional assurance options
Under the link "Additional assurance information" in the bottom of the task card, you can find a list of other assurance options that you can add to your task. This can mean either the
- linking of external files (make sure you have a SharePoint link in the organization settings): You will get the option to select from the SharePoint after you have clicked this option
- linking of a security system (if you are managing a task rather in a technical way, even if the task type originally was another one)
- divide the implementation, if for example different sites or units are participating in the task implementation in different ways
- involve other employees in the monitoring (so they have to check that they have done their part of the task)
- add additional guidelines to share to your selected employees in regard of that task
- how-to instructions: if you want to add a more detailed description of how this task is being carried out to ensure the correct way of working with this task
(See screenshot below for further information about the above mentioned options.) You can add any additional assurance information to your task at any point. The more assurance you are collecting for a task, the stronger its security layer for your organization will get.
Questions and feedback
Do you have any further questions, would need another help article or would like to give some feedback? Please contact our team via email@example.com or the chat box in the right lower corner.