1. Information security mandate management

In this article you will learn how to create and update an information security mandate and how to associate observations, recommendations, action plans and PBI/CR/DS validations with it.


Managing an information security mandate

Information security mandates are defined on a fiscal-year basis. Users with the 'Pilot-GrpBusinessUnit-Information securityMandate' role can create, update or delete an information security mandate.

Creating an information security mandate

From the QuartzGOV homepage, click on the 'Information security mandate' button in the 'create' menu. An information security mandate creation screen will appear that allows you to:

  • Give a title to your mandate;
  • Select a fiscal year from the drop-down list;
  • Pick a start date, end date, and a deadline;
  • Add a rating to your mandate using the 'overall ratings' drop-down list;
  • Assign a lead auditor by using the 'assigned to' search bar;
  • And, click on 'save' to record your mandate.

Figure: Information security mandate creation screen

Accessing the information security mandate main list

From the QuartzGOV homepage click on 'information security mandate' inside the 'Information security mandates' module in order to display the list of mandates. The list displays the main information about each mandate.

Finding an information security mandate

Filters on the right allow you to search for the mandate you want to see according to different criteria:

  • You can use Fiscal year if you know the fiscal year of your mandate.
  • You can use Assigned to if you know the lead auditor of your mandate.
  • You can use start date if you know the start date of your mandate.
  • You can use end date if you know the end date of your mandate.
  • You can use deadline if you know the deadline of your mandate.

A magnifying glass in each filter allows you to search for a specific item.

Editing an information security mandate

From the information security mandate main list, click on the menu of the information security mandate that you want to edit and click on the 'edit' button in order to display the mandate detailed view. From this screen, you should be able to edit the mandate and update the field that you want to modify.

Deleting an information security mandate

From the information security mandate main list, click on the menu button of the mandate you want to delete and click on 'delete'.

Managing an observation

Observations are related to an information security mandate. You can create, update or delete an observation.

Creating an observation

From the information security mandate main list, click on the 'menu' button for the mandate in which you want to create an observation and click on the 'create observation' button. The observation creation menu will appear. In this menu, you should be able to:

  • Add a description to your observation (this is mandatory to create it);
  • And, describe the impact in the 'impacts' fields.

Figure: Observation creation screen

Finding an observation

Once an observation has been created, it will appear on the information security mandate detailed view. You can also click on the 'observation' button in the 'Information security mandates' module from the QuartzGOV homepage in order to display the observation main list.

Editing an observation

From the information security mandate detailed view, click on the observation that you want to edit in order to open the observation detailed view. From this view, you should be able to edit the observation and update the field that you want to modify.

Linking or unlinking controls to an observation

From an observation detailed view, click on 'add related controls' to link controls with your observation. If you want to unlink a control, you can click on the 'unlink' button of a linked control.

Deleting an observation

From the detailed view of the observation you want to delete, click on the 'delete' button on the top right of the screen.

Warning: It is possible to delete an observation only if no recommendations are linked to it.

Managing a recommendation

Recommendations are related to an observation. You can create, update or delete a recommendation.

Creating a recommendation

From an observation detailed view, click on the 'add' button in the 'recommendation' field. The recommendation creation menu will appear. If you want to create a recommendation it is mandatory that you add:

  • A name and summary;
  • A recommendation owner(s);
  • The type of the recommendation with the 'type' drop-down list;
  • And, the priority of the recommendation with the 'priority' drop-down list.

You can also add an owner delegate and click the 'handled by project' button if you want to manage your recommendation by project.

Figure: Recommendation creation screen

Info: Once a recommendation has been created, it will appear on the observation detailed view.

Accessing the recommendation main list

From the QuartzGOV homepage click on 'Recommendation' inside the 'Information security mandates' module in order to display the list of recommendations. This list displays the main information about each recommendation.

Finding a recommendation

Filters on the right allow you to search the recommendation you want to see according to your criteria. A magnifying glass in each filter allows you to search for a specific item.

Editing a recommendation

Click on the recommendation that you want to edit in order to open the recommendation detailed view. This screen is structured in different editing sections.

Figure: Recommendation detailed view

The header

Editing the header with the 'edit' button on the top right of the section allows you to:

  • Update the recommendation title;
  • Add or remove a recommendation owner;
  • And, add or remove a recommendation delegate.

The 'recommendation' section

The recommendation section allows you to update the recommendation summary and extra details.

The 'note' section

The 'notes' section allows you to add notes and attachments to a recommendation if necessary.

Deleting a recommendation

If you want to delete a recommendation, go to its detailed view and click on the 'delete' button on the top right of the screen.

Warning: It is possible to delete a recommendation only if no action plans are linked to it.

Managing an action plan

Action plans are related to a recommendation. You can create, update or delete an action plan.

Creating an action plan

From the recommendation list, click on the 'add action plan' button on the recommendation that you want to link to an action plan. You can also click on the 'add' button in the 'action plan' field from a recommendation detailed view. The action plan creation menu will appear. To create an action plan it is mandatory to add a name and a description. You can also add the owner, owner delegate and an action plan tag with the 'action plan tags' drop-down list.

Figure: Action plan creation screen

Accessing the action plan main list

From the QuartzGOV homepage click on 'Action plans' inside the 'Information security mandates' module in order to display the list of action plans. This list displays the main information about each action plan.

Figure: An example of an action plan list with the main information about each action plan

Finding an action plan

Filters on the right allow you to search for an action plan based on your criteria. A magnifying glass in each filter allows you to search for a specific item.

Editing an action plan

Click on the action plan that you want to edit in order to open the action plan detailed view. This screen is structured in different editing sections.

Figure: Action plan detailed view

The header

Click on the 'edit' button on the header in order to update the action plan title, owner(s) and owner delegate.

The 'action plan' section

The action plan section allows you to update the action plan description.

Deleting an action plan

If you want to delete an action plan, click on the 'delete' button on the top right of the screen.

Warning: It is possible to delete an action plan only if no PBI/CR/DS validations are linked to it.

Managing a PBI/CR/DS validation

PBI/CR/DS validations are related to an action plan. You can create, update or delete a PBI/CR/DS validation.

Creating a PBI/CR/DS validation

From an action plan detailed view, click on the 'add' button in the 'PBI/CR/DS validation' field in order to display the PBI/CR/DS validation creation screen. The name and description are mandatory to create a PBI/CR/DS validation. You can also add a target date.

Figure: PBI/CR/DS validation creation screen

Finding a PBI/CR/DS validation

Once a PBI/CR/DS validation has been created, it will appear on the action plan detailed view. You can also find it by clicking on 'PBI/CR/DS validation' inside the 'Information security mandates' module from the QuartzGOV homepage.

Figure: List of PBI/CR/DS validations linked to the action plan 'AP 1818'

Editing a PBI/CR/DS validation

From the action plan detailed view, click on the PBI/CR/DS validation that you want to edit and update the field that you want to modify.

Deleting a PBI/CR/DS validation

From the detailed view of the PBI/CR/DS validation you want to delete, click on the 'delete' button.