Adding your Tools > Security Components to your Services

When creating both your Security and Managed IT services, you’ll notice a section called Select Controls. Think of this as the place where you define the technical building blocks that make up your service.

Within this block, you can add the tools and technologies that support the service you're delivering , choose the appropriate GRC components, and adding any licences associated with those tools. Essentially, this is where you tell HighGround what’s under the hood of your service.

As you work through the Select Controls process, you’ll be adding the security components that form part of your service offering. Once these components are selected, HighGround automatically pulls through the relevant features and capabilities tied to those controls. That means we do the heavy lifting for you - no need to manually map out which features belong to the service.

The first step in the Select Controls process is adding your tools. This is where you define the technologies and/or practice types that make up the service you’re building.

The list of tools displayed here is pulled directly from your stack, so everything you see should already be familiar. This keeps things quick and consistent - no need to manually recreate tools you’ve already configured elsewhere in HighGround.

Once you select a tool, the technologies associated with that tool will appear on the right-hand side of the screen. Not every technology linked to a tool will necessarily apply to the service you’re creating, so you can simply toggle off any technologies that aren’t relevant. This allows you to tailor the service without having to remove the tool entirely.

You’ll also have the option to assign or update the Security Pillar for each technology. If a technology fits better under a different area of security, you can easily change it using the available pillars:

In some cases, you may want to use more than one tool for a single technology. For example, you might deliver endpoint protection using multiple security products. HighGround supports this by allowing you to assign multiple tools to the same technology.

To do this, click the tool icon at the bottom of the technology card. This will display a list of all compatible tools in your stack that can deliver that technology. From there, simply select the tools you want to include - you can add as many as required to reflect how the service is actually delivered in your environment.

Once you’ve finished adding your tools, the final step before saving the service is the Licensing page. On this page, HighGround will automatically pull through any licences that are already associated with the tools in your stack. These will be displayed so you can quickly review what licensing is being applied to the service.

From here, you have a few options depending on how the service is delivered:

This gives you flexibility to make sure the licensing setup accurately reflects how the service is packaged and delivered to customers.

If you continue with licences associated to your tools, these will automatically feed into the Product Costs section of the service. HighGround then uses this information when calculating your pricing summary, helping ensure the cost of the underlying tools is properly accounted for when defining your service pricing.

Once you’ve added your tools (security components) to the service, the next step is selecting the GRC Capabilities that the service supports.

You’ll be presented with a list of GRC capabilities pulled directly from your stack, ensuring everything remains consistent with how your security framework has already been configured within HighGround.

When you click on a capability, you’ll see an associated question appear on the right-hand side of the screen. By toggling this on, you’re confirming that the service delivers or supports that particular capability. This helps clearly define the governance, risk, and compliance outcomes that the service contributes to.

As with technologies, you can also update the Security Pillar assigned to each capability if needed. This allows you to better align the capability with the area of security it supports. The available pillars are:

Once you’ve clicked Save at the final step of the Select Controls process, you’ll be taken back to the Service Creation screen. This time, however, the service will now display all of the security components you’ve just configured.

Here you’ll see a clear overview of the components included in the service, along with their associated Security Pillar and any licences that have been attached. This gives you a quick snapshot of the technologies and controls that make up the service you’re building.

Based on the security components you’ve added, HighGround will automatically generate a feature list for the service. To get you started, the platform creates one feature per component, helping you quickly outline what the service delivers without needing to start from scratch.

If you’d like to expand this list, simply click the 'Add' button beneath the generated features. You’ll then see the option to 'Expand features list'. Selecting this will prompt HighGround to generate an additional feature for each security component. The expansion can be repeated up to four times, allowing you to quickly build out a more detailed feature set with minimal effort.

Of course, you’re not limited to the automatically generated features. You can also:

You’ll also notice that HighGround automatically displays the mapped security posture that this service will contribute to your clients. This uses the same framework and posture mapping applied throughout the platform, ensuring the service aligns with the wider security posture reporting used across HighGround.