The Management System / Audit module supports the process of building a certifiable management system, including its scope, roles, requirements, risks, controls, statement of applicability and audit.
In the first step, the framework for the management system is created and the scope is defined by included organizational parts, processes and other resources.
A risk analysis is performed, based on threats, vulnerabilities, incidents, existing controls, etc. Relevant risks are then identified.
In the next step, each risk is handled with one or several controls.
In the final step, the respective control in the requirements part of the management system (e.g. Annex A of ISO 27001) is analyzed for applicability. The end result is a so-called Statement of Applicability (SoA).
Each management system has its own portal where all information and functionality are gathered.
The audit is directly linked to the management system above, which has been built up based on all data entered in iFACTS, including requirements and goals that have been distributed. These requirements and goals have been implemented, with a corresponding result.
By linking these requirements and goals to the controls in the management system, a result is automatically obtained as to how well each control is complied with.
Audit forms make it possible to further comment on the fulfilment of each control.
An audit report is created from all detailed data together with results and comments.