Following the release of 'Arden', which included a custom-format report generator, attestations and a super handy ServiceNow integration for Asset Registers, the 6clicks Product team have now unleashed 'Collabria'.
Collabria includes a new Metrics module which enables you to keep track of and monitor the most important things, like trends in risk, issues and compliance. Metrics can be linked to risks, which effectively allows you to define Key Risk Indicators (KRIs) and track performance.
What's more, you can define your own risk appetite as a unique series associated with each metric, then run reports across risk domains and grouped metrics via metric tags. Group all your KRIs in one report, and KPIs in another!
This means you can now chart and track progress right across your organisation, pretty cool eh!?
Check out this nifty example below:
Where You Can Get the Most Out of It & Demonstrate Value
A hot tip from Andrew Robinson (6clicks Head of Cyber Security): if you are interested in ISO 27001 and running an effective Information Security Management System (ISMS), these new metric features enable you to demonstrate compliance with section 9.1 under performance evaluation, specifically monitoring, measurement, analysis and evaluation.
If that's not enough for you and you're a metric carnivore, you could also brave a look at ISO 27004, a little-known cousin of ISO 27001 that goes into enormous detail about metrics and measurement. Metrics are a key part of evaluating the effectiveness of your security program and enabling decision making around improvement.
Some of the areas in which you may want to establish metrics include:
Issues and incidents of different types (audit findings, penetration test results etc.)
Overdue tasks, such as issue actions, risk treatment plans and control checks