Use Cases
A short overview of possible use cases
With 360inControl®, you can start directly with the topics that are important to you.
The compliance module of 360inControl® offers integrated use cases to evaluate processes, prepare for certifications, perform supplier assessments, check the cybersecurity status, and perform data protection-relevant assessments.
The use cases below are only a selection; the list is not exhaustive. We will be happy to advise you individually.
Use Case | Scope | Usage | Details |
---|---|---|---|
Business Continuity & Backup Management | This assessment helps the company determine the current state of its business continuity and backup management. Business continuity and backup management are essential to be prepared for an emergency of any kind. | Such an assessment can be used to determine the current state and define measures to be taken. | It is examined whether the organizational and technical precautions are implemented to ensure that business operations are not negatively impacted and continue in an emergency. This includes checking whether the IT precautions in the area of backup management can ensure prompt and complete restoration of business operations. This is also required as a basis in the ISO22301 and ISO27001 standards. Controls in scope: approx. 39 |
Change Management | This assessment helps the company determine the current state of its change management. Change management is essential to ensure that no change goes into production without the necessary testing and approval. | Such an assessment can be used to determine the current state and define measures to be taken, or as a starting point to initiate a strategy to implement change management. | It is examined whether the change management process fulfills its control function to protect the systems and the organization. Samples will be taken to check whether changes are approved and tested before implementation to production, and whether necessary risk assessments were performed, traceability was ensured, and segregation of duties was implemented. This includes checking whether required training is performed, monitored, and reported. ISO27001 and COBIT serve as the basic framework. Controls in scope: approx. 39 |
Configuration Management | This assessment helps the company determine the current state of its configuration management. Configuration management plays a central role in cybersecurity. Nowadays, companies are subject to attacks and have to implement the necessary safeguard controls. Adequate configuration management is essential to increase protection. | Such an assessment can be used to determine the current state and define measures to be taken, or as a starting point to initiate a strategy to implement configuration management. | It is examined whether adequate settings and measures are implemented to protect systems and organizations. This includes checking whether necessary settings for platform(s) and device type(s) are specified and compliance is under control. Samples will be taken to check whether configuration management is established, and whether necessary risk assessments were performed, traceability was ensured, and segregation of duties was implemented. This includes checking whether required training is performed, monitored, and reported. ISO27001 and COBIT serve as the basic framework. Controls in scope: approx. 13 |
Information Security Management | This independent assessment helps companies with an existing security program and/or security certification to determine/check the actual status of their information security. | Such an assessment can be used to determine the current state of information security and define measures to be taken. | Our experienced security experts check your system for weak points, identify and analyze them. Measures are determined to improve the security concept. During the check, different security areas/topics are evaluated to cover a diversified security territory. ISO27001, PCI DSS, CSC, COSO TSP Section 100 AICPA, GDPR and COBIT serve as standards and basic framework. Controls in scope: approx. 48 |
Project Management | This assessment helps the company determine the current state of its project management. Project management is essentially the use of principles and procedures to manage a project from conception through delivery of an outcome, such as an application, event, product, or service. | Such an assessment can be used to determine the current state and define measures to be taken, or as a starting point to initiate a strategy to implement project management. | It is examined whether the project management process is working correctly. It has to ensure that projects are performed as expected and are successfully transferred to operations. It will be checked whether this happens according to a structured process that identifies the information security risks and manages them adequately. Controls in scope: approx. 48 |
Risk Management | This assessment helps the company determine the current state of its risk management. Risk management is an essential process for the success of the company. Identifying risks at an early stage, determining how to deal with them, and constantly monitoring them is a crucial success factor. | Such an assessment can be used to determine the current state and define measures to be taken, or as a starting point to initiate a strategy to implement risk management. | It is examined whether the risk management process is adequately implemented, trained and monitored. This includes checking whether residual risk acceptance is done at the right level and risk mitigation is implemented. ISO27005, ISO31000, PCI DSS, COSO TSP Section 100 AICPA and COBIT serve as the basic framework. Controls in scope: approx. 24 |
Service Management | This assessment helps the company determine the current state of its service management. Service management is an essential process in a company that is implemented across various organizational levels. | Such an assessment can be used to determine the current state and define measures to be taken, or to continuously improve service management. | It is examined whether adequate policies and processes are implemented for service management. This includes checking whether essential roles and responsibilities are clearly defined and trained according to their duties. Samples will be taken to check whether cybersecurity requirements are implemented as an integral part of the individual services. COBIT serves as the basic framework. Controls in scope: approx. 24 |
System Security Management | This independent assessment by security experts focuses on technical cybersecurity aspects. | Such an assessment can be used to determine the current state of system security and define measures to be taken. | Our experienced security experts check whether the individual security settings and security design are implemented according to standards and best practices. This includes checking whether the security design/architecture has weak points and identifying improvements. ISO27001/2, PCI DSS, CSC, COSO TSP Section 100 AICPA and COBIT serve as standards and basic framework. Controls in scope: approx. 75 |
Initial Information Security Check | This basic assessment outlines the status of information and cybersecurity within the company. We recommend this assessment to all companies that want to get a quick, structured, and meaningful picture of their information security. | Such an assessment can be used to determine the current state of information and cybersecurity and define measures to be taken. | It is examined whether the necessary processes are established, trained and monitored. This includes checking the maturity of the implementation. This assessment aims to identify whether the existing security resources/measures are sufficient and what measures have to be taken to improve. Requirements from different standards are taken for this assessment. These are listed per requirement in the report. Controls in scope: approx. 103 |
Data Protection | The European Data Protection Regulation is the global benchmark for data protection. This assessment is a must for companies with customers in the European Union. For customers, it is essential that their personal data is treated seriously and securely. This assessment is dedicated to checking whether the data protection requirements are implemented and adhered to. | Such an assessment can be used to determine the current state of data protection and define measures to be taken. | This assessment helps to identify the implementation status of data privacy requirements. It provides an overview of improvements, weak points and missing implementations. Immediate action can be taken and legal counsel and security experts involved. GDPR and ISO27001 are applied. Controls in scope: approx. 82 |
ISMS (Information Security Management System) | Set up your ISMS | The Information Security Management System (ISMS) is crucial for systematically managing sensitive company information, ensuring its confidentiality, integrity, and availability. It helps organizations mitigate risks, comply with legal requirements, and build trust with clients by demonstrating a commitment to security. | We assess the current situation, determine the scope of the ISMS, and develop a step-by-step plan for implementation, including the overall governance (PDCA) to ensure sustainability. |
Hollenweg 19 | 4105 Biel-Benken | Switzerland
info@360incontrol.ch
+41 44 585 12 25