Guide to the Compliance Manager
Overview:
The Compliance Manager is the area where you can upload, audit, edit and test the policies, plans and procedures that form your organisation's Information Security Governance, Risk and Compliance (GRC).
Actions performed in this area influence your CyberCompliance KPI. Your CyberCompliance is a powerful indicator of how well you are managing your organisation's cyber security. Having certain policies and procedures in place ensures that you are both attempting to prevent and actively preparing for the event of a cyber attack, alongside establishing an ongoing alignment between your IT/Cyber security teams and the Board of Directors of the business.
The Compliance Manager contains modules for the following areas of GRC:
- Cyber Essentials
- Incident Response Plan
- Information Security Policies
- Risk Assessment
- Annual Cyber Review
- BCDR Plan
Clicking into any of these will open a new window where you can upload, edit, and audit that specific document.
Compliance Status:
The state of each compliance document is indicated by a status:
Green Tick
Your policy/procedure/certificate is in place, and has been reviewed/audited/tested recently.
Orange warning
Your policy/procedure/certificate is in place, but will need to be reviewed/audited/tested soon.
Red warning
Your policy/procedure/certificate is either expired, incomplete, unapproved or overdue for a review.
Below the status icon, you are also told the reason for it. Examples might be 'Complete', 'Incomplete', 'Due for Review' or 'Expired':
You are then provided with even more specific details in grey writing underneath. For example, this may be information on when that document was last performed/reviewed/tested, or a helpful reminder for the next renewal.
How do I get started?
By utilizing our vast array of free resources, paid services and/or using your own, the Compliance Manager gives you the best possible start to improving or recording your cyber security compliance.
See the tabs below on the free vs. paid services, and the table at the bottom for an overview.
Free Assistance:
To help you get started, there are free guides or policy packs included for each of the modules. These act as templates (or ready-to-use policies in the case of policy packs) and examples to assist you in creating your own documents. If you have little experience in building Compliance documents, these free guides are a great way to get started.
Professional Assistance:
If you'd prefer to have a professional take care of your compliance, you can pay for our team to do this as part of our Pro Services.
Make an Enquiry:
If you would like to make an enquiry to HighGround about any of the Pro Services available, follow the steps below:
STEP 1: Click on the Service
Click on the button for the service. This will open another window to the side with further information:
STEP 2: Click Enquire
Click the Enquire button located towards the top right of the new window:

STEP 3: Fill in the Details
Now you can add in the details of your enquiry, along with entering the phone number that you would like to be contacted on regarding the enquiry.
STEP 4: Send the Enquiry
Now that the details are filled in, click the Enquire Now button to send the enquiry to us.
And that's it! We will receive your enquiry and respond within 48 hours.
Compliance Document: | Free Guidance: | Pro Services: |
---|---|---|
Cyber Essentials | None | Yes - the Cyber Essentials Service will prepare your IT systems to Cyber Essentials standards, as well as make the certification request on your behalf. This is also available for Cyber Essentials Plus standard. |
Incident Response Plan | Free Guide | Yes - the Incident Response Plan Service guides you through a structured process of building your IR plan. Available as a 16-hour or 30-hour service. The Incident Response Handling Service provides you with a whole team of certified and experienced Incident Handlers at your disposal - ready for when an incident occurs. The monthly payment packages offer Incident Response services available during either business hours (8 hours per day, 5 days a week) OR available anytime (24 hours, 7 days a week). Additionally, there is a one-off service that is priced per hour. |
Information Security Policies | Free Policy Pack | Yes - the Premium Pack instantly provides you with pre-written ISO 27001 approved policies, ready to use. |
Risk Assessment | Free Guide | Yes - the Risk Assessment Service will identify your cyber security risks according to the NIST cyber security framework; covering 16 key sections and over 168 questions to gain an extensive understanding of your current risks and vulnerabilities. Available as either a basic or advanced package. |
Annual Cyber Review | Free Guide | No |
BCDR Plan | Free Guide | Yes - the Backup & Disaster Recovery Services protect your organisation from data loss and IT outages. Packages include Office 365 backup priced per user per month, Cloud backup priced per TB, and Disaster Recovery services priced on demand. |
Guidance for each Module:
For specific guides on each of the Compliance Modules, have a browse through the tabs below:
Information Security Policies
Please see our Guide to the Information Security Policies Module.
BCDR Plan
Please see our Guide to the Business Continuity & Disaster Recovery (BCDR) Plan Module.