Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook
Topics
ISO 27001
NIS2
Getting started
Framework management
Product security
Settings & advanced
Trial and subscription
User management
Community
Documentation
Personnel guidelines
Reporting
Task management
GDPR
Internal auditing
Personnel security
Risk management
Working as a partner
Continuous improvement
Team collaboration
Show all topics
Webinars
Introduktion till NIS2-direktivet, lokal NIS2-lagstiftning och Cyberdays ISMS
ISO 27001: Bygg en cybersäkerhetsplan som gör att du uppfyller kraven
Intro to NIS2 directive, local NIS2 laws and Cyberday ISMS
ISO 27001: Entwickle einen Cybersecurity-Plan, der deine Compliance sichert
Show all webinars
Videos
Asset documentation
Continuously improving your ISMS
Cyberday overall intro
ISO 27001 and certification audit fundamentals
ISO 27001 and personnel awareness
ISO 27001 and risk management
ISO 27001 introduction
Mastering NIS2 Compliance with Cyberday
NIS2 introduction
Show all videos
Helps
Admins
Documentation
Frameworks
Guideline mgmt
Other features
Partners
Reporting
Setup and integrations
Task mgmt
User management
Show all helps
Blogs
SOC 2: Working towards compliance
DORA essentials: Introduction, Scope and key requirements
Cyberday goes Cyber Security Nordic 2024!
Cyber Security in Supply Chain Risk Management
From Compliance to Collaboration: How NIS2 Encourages Stronger Supply Chain Security Collaboration
Show all blogs
Content library
Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.
Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Unfortunately something went wrong. You can contact us at team@cyberday.ai.
Cyberday.ai
Get started
Login
Academy home
Helps
Task assurance methods

Task assurance methods

In Cyberday, you have different options to gather assurance for different tasks. Sometimes, the chosen assurance method very much depends on the type of the task itself, but you can always add additional assurance to strengthen your overall task assurance level. In this article, you can read more about the different assurance methods and how to use them.

Primary assurance methods

You can find four primary assurance methods in Cyberday: connecting documentation, linking reports, creating and sharing guidelines and linking a security system.

Linked documentation

Maintaining related documentation is the main assurance method for some of the organizational tasks in Cyberday. You will see a link to already created documentation items or you will find e.g. "0 data systems". By clicking the link you will be taken to the documentation list (in this case: data systems).

Examples of organizational themes that require maintaining documentation are e.g. asset management, risk management, partner management or incident management.

Read more about documentation in Cyberday here.

Example of a task, which has connected documentation items.

Linked reports

The linking (or creation) of a report is the main assurance method for some of the organizational tasks in Cyberday. When you activate a task, which requires you to link a specific report and you open the task card, you can find an overview of the reports, which are needed as assurance for this specific task. If you have already created any of the needed reports, those are automatically linked there. In case you do not yet have that report, you can click the "+ create report" button and you will be taken straight to the report, which you can adjust if needed.

Example screenshot of how a task card, which requires the linking of a report looks like.

Read more about reporting in Cyberday here.

Linked guidelines

For "people tasks", the main assurance method is the creation and sharing of guidelines for the employee guidebook. The employees can then read and accept the guideline by accessing their individual Cyberday Guidebook. If you activate and edit a task which connected guidelines, you can find a link to the guidelines section, which leads you to the list of activated and suggested guidelines for this task. If you already have some guidelines activated and shared with your employees, you can also see a progress bar as a quick overview of the current acceptance rate of your employees.

If you click on the link, you will get to the guidelines section of the policy and you can receive more detailed information about the guideline, its acceptance and further, you can activate skill tests and case examples or edit the guideline itself.

How an activated guideline looks like when you click on the link in the task card, in this case "12 remote work and mobile devices", see screenshot below
Example of a task, which requires the linking of guidelines.

Linking a security system (technology)

For the technical kind of tasks, you can simply link the correct security system. When opening and linking the security system, you will see a list of suggested options or you can type your individual system, if you can't find it from the list.

The task card will show if it is a technical task and if you need to connect a technical system.

When scrolling over the box with the "1. Security systems", a small pencil icon will appear next to the "technical" mark. Click on the pencil and a new window will open, in which you can select the technical system of your choice and then click "done". After that is done, you can add a process description or more assurance (see paragraphs below).

Other assurance methods

In addition to the above listed methods of gathering assurance, you can add more information and assurance to your tasks in order to make them even more strong.

Writing a process description

The process description is an important part of collecting evidence for how a task is being carried out. You can find the spot for the process description in the implementation tab of your task card. You can use that room to give more detailed information about how the task is being carried out.

For most of our tasks, you can also find a template or an example text of how the process description could look like. You can use this and adapt it to your needs, in order to make it fir to your organization's task implementation. Note: always make sure that the information you are giving in the process description are correct and up to date, meaning if you decide to use one of the templates for the description, make sure it fits your organization's actual task implementation process.

Review cycle for a task

You can increase your confidence on the task information being accurate by enabling a task review. Review can be set to monthly, quarterly, bi-annual or annual frequency.

The point of task reviews is to request the task owner to confirm that all related information on the task is up-to-date. We recommend enabling a review especially for high priority tasks.

Additional assurance options

Under the link "Additional assurance information" in the bottom of the task card, you can find a list of other assurance options that you can add to your task. This can mean either the

  • linking of external files (make sure you have a SharePoint link in the organization settings): You will get the option to select from the SharePoint after you have clicked this option
  • linking of a security system (if you are managing a task rather in a technical way, even if the task type originally was another one)
  • divide the implementation, if for example different sites or units are participating in the task implementation in different ways
  • involve other employees in the monitoring (so they have to check that they have done their part of the task)
  • add additional guidelines to share to your selected employees in regard of that task
  • how-to instructions: if you want to add a more detailed description of how this task is being carried out to ensure the correct way of working with this task

(See screenshot below for further information about the above mentioned options.) You can add any additional assurance information to your task at any point. The more assurance you are collecting for a task, the stronger its security layer for your organization will get.

Additional assurance options in Cyberday

Questions and feedback

Do you have any further questions, would need another help article or would like to give some feedback? Please contact our team via team@cyberday.ai or the chat box in the right lower corner.

Content

Share article

Other similar content from Academy

Help articles

Content: Tasks, Documentation, Guidelines and Reporting
Divide task implementation to multiple units / sites
Getting started in Cyberday
Harden your assurance
How to delegate tasks and show evidence of completion?
Task assurance methods
Taskbook instruction guide

Subscribe to Academy today

Elevate Your Knowledge with Exclusive Access to Weekly Webinars, Video Courses, Help Articles, and Blogs.

Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.
Topics
Working as a partner
ISO 27001
Documentation
Community
User management
Show all
Webinars
Introduktion till NIS2-direktivet, lokal NIS2-lagstiftning och Cyberdays ISMS
ISO 27001: Bygg en cybersäkerhetsplan som gör att du uppfyller kraven
Intro to NIS2 directive, local NIS2 laws and Cyberday ISMS
ISO 27001: Entwickle einen Cybersecurity-Plan, der deine Compliance sichert
Show all
Videos
Mastering NIS2 Compliance with Cyberday
ISO 27001 introduction
NIS2 introduction
ISO 27001 and certification audit fundamentals
Asset documentation
Show all
Helps
Documentation
Partners
Other features
Reporting
Guideline mgmt
Show all
Blogs
DORA essentials: Introduction, Scope and key requirements
Cyberday goes Cyber Security Nordic 2024!
From Compliance to Collaboration: How NIS2 Encourages Stronger Supply Chain Security Collaboration
Agendium Ltd is now Cyberday Inc.!
10 compliance traps & how to avoid them
Show all
Content library
Open content libraryLabs
Kiitos! Saat jatkossa uutiskirjeen sähköpostiisi joka perjantai.
Valitettavasti jotain meni pieleen. Voit olla yhteydessä tiimi@tietosuojamalli.fi.