Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook
Academy home
Using "security statement" reports

In Cyberday you can publish "security statement" reports. This is a report type that can have different purposes. You can adjust the detail level on the statements to suit your needs and bring only the content in that you need.

Security statement reports are designed e.g. for the following purposes:

  • report publicly (e.g. towards customers, partners)
  • report internally (e.g. towards your top management)
  • answer security questionnaires (e.g. during tendering)

Creating a security statement report

When you want to create a security statement report, go to Reporting from your Organization dashboard and click "+ Create new report" from the upper right corner. Select "Security statement" from the pop-up window and then click "Step 2 ->". A new pop-up window will open, which requires you to select the desired detail level of your report and finally, the title.

Security statement detail levels

You can choose between different detail levels for different purposes and audiences. Your reports will by default have a cover page, followed with the information in the by you selected detail level. Find more information in the following paragraphs:


With the condensed detail level, only the title of the from you selected tasks will be displayed. This can be used publicly, as it is only showing that you are handling different security topics, but not telling how.

Example of the content of a condensed report.


The "normal" detail level will show the title and requirement content of the from you selected tasks. This could be used for public purposes, e.g. if your customers or partners require those information.

Example of a report showing the requirement content.


With the detailed selection, the from you in the next step selected tasks will display with their title, the requirement, the task status and assurance information about the task implementation. This should be used for internal purposes, as it contains a lot of information from your ISMS.

This is how a task will be shown in the detailed report view. You can find the requirement text, the assurance level, task status, owner, priority level and etc.

The scope

After you have set the detail level, you can decide on the scope of your report. You can either select whole themes, individual policies or simply individual tasks, depending on your report desires. The scope and title will be shown on the cover page of your report.

You can go into different detail selections by clicking the drop-down. Like this, you can select whole themes, policies or singular tasks. If you click on a check box from a theme, all of the check boxes underneath the theme (policies and tasks of the theme) will be checked. If you only want a separate task, only check the box of the singular task and click "Update data".

Editing a statement report

You can edit the data of the report afterwards and update the content, in case some information in your ISMS have changed. You can edit the rport at any time, also if it already has been published. When you are publishing a report, you can add a comment with it. The report will be shown in your reporting section of the Organization Dashboard and you can find it quickly by filtering with "Embed" as report type.

Edit the content (e.g. the displayed themes and tasks) from the menu on the left. You will also get back to this view, once you click editing for an already published report (see screenshot below).
You can edit and update the data of a published report from the view on the left.
If you have made changes to a report, you can summarise those in a short comment when publishing the report again.

As usual, you can also open a printable version of this report as well. You can find the printable version by clicking the three dots next to the "inactive"/"active" slider on top of your report.

Example picture of a security statement report in Cyberday.


Share article