Security Plans
Security Plans Module
This page contains information to assist our customers with utilizing the Security Plans module in RegScale. It describes what it is, why you would use it, the benefits, and provides instructions on getting started.
What is it?
A security plan is a document that describes all relevant security controls, their implementations, and related data for a given boundary (a logical collection of components or assets). Common synonyms for security plans might include:
- System Security Plan (SSP)
- Information System Security Plan (ISSP)
Why would you use it?
Security plans are commonly used to document the implementation of security controls (i.e. regulatory requirements) for a given information system. Security plans are required for a variety of common regulations to include NIST 800-53, PCI, HIPAA, ISO 27001, Cloud Security Alliance (CSA), and others. There are many reasons to document security plans which include:
- Tracking information about the security of the information system
- Thoroughly describing security policies and implementation controls against the regulations
- Conducing audits and testing to verify compliance for control implementations
- Tracking review and approval cycles to accept risk
What are the benefits?
A strong security plan program results in multiple benefits for an organization; to include:
- Fuller understanding of each information system's security implementation
- Verification of compliance with regulations to reduce fines and audit risks
- Validation of control implementations to reduce risk
- Strong accountability for risk acceptance for senior organization officials
How do I use it?
The security plan module in RegScale Community Edition (CE) provides a number of key features that are useful in managing a robust program, to include:
- Tracking metadata for security plans and categorizing systems
- Tracking expiration dates for security authorizations and the dates controls were last assessed/tested
- Real-time tracking and dashboards
- Automation via our Application Programming Interfaces (APIs) - scripting evidence collection and documentation gathering
- Single pane of glass assignment tracking via our work bench
- Automated workflows for review and approval
- Interactive timeline builder
- Social collaboration via our News Feed (LinkedIn for Compliance) and real-time commenting system
- Secure evidence management with our file upload and encryption system
- Audit history including every view, update, print, email, etc.
- Calendar view to see data calls scheduled within any given period
- Dashboards, Status Boards, and Score Cards to visualize progress in real-time
For our Enterprise Edition (EE) customers, you get all the great features above, plus we add:
- Ability to create custom fields to extend the schema and build out customer specific data entry forms
- Integration with Microsoft Teams and Slack for real-time collaboration
- Ability to host a multi-tenant version to segregate data by site, customer, organization, etc. to run many different security plan programs with complete data isolation from a single installation
- Real-time interactive dashboard with Microsoft PowerBI AddOn
Updated about 1 year ago