CyMetric enables you to communicate the maturity of your organization's compliance or cybersecurity program both through detailed reports and a visual dashboard which may be more accessible to executive stakeholders. The dashboard represents the outputs of a completed assessment plan in donut charts carving out individual details for logical segments or functional areas of the program. This article will discuss how to use the dashboard.
Navigation
From the gray navigation area, click on Compliance Dashboard from the menu in the Analytics section. This will launch the dashboard module.
From the two dropdown dialog areas, choose the compliance obligation, framework or cyber program and then the completed assessment to review. NOTE: Users will only see the obligations, frameworks or programs they are licensed for in the first dropdown. Assessment plans that are not completed, or that are marked in progress, will not appear in the dropdown.
Once the two dropdowns are filled in, donut graphs will appear that reflect the high level/overall performance of the program as well as the subsections of the regulation or framework containing the maturity score for each area. The legend displays the color representation of the values in the graph.
How are the values determined?
When an assessment plan is executed, each control is scored on a five-value system based upon its implementation maturity. In the Assessment module, a control that is identified as "Fully Compliant" will be scored as a five, a "Mostly Compliant" control will be scored a four, a "Somewhat Compliant" control will be scored a three, a "Partially Compliant" control will be scored a two and a "Not Compliant" control will be scored a one. Controls that are Not Assessed are removed from the calculation and do not impact the scoring function. All of the controls with their respective scores across the entire regulation or framework are aggregated, averaged and converted to a percentage to provide an overall performance score in the large Donut Graph. Each of the sections or categories of the regulation or framework is represented by a smaller graph based upon the controls that map to that section. NOTE: Controls that fall into multiple categories or sections contribute to each of those areas, meaning that the rating or scoring of some controls will contribute to multiple sections.
Color Coding
Dark Green: If all controls were fully compliant, the rating would be 100% and be labeled in dark green.
Light Green: If the average rating of the controls for the program or section is between 80% and 99%, the light green color code would be applied.
Yellow: If the average rating of the controls for the program or section is between 60% and 79%, the yellow color code would be applied.
Orange: If the average rating of the controls for the program or section is between 40% and 59%, the orange color code would be applied.
Red: If the average rating of the controls for the program or section is between 20% and 39%, the red color code would be applied.
Gray: The gray color code represents controls that are a part of the program but were not assessed as a part of the reviewed Assessment Plan.
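The scoring and color rules above, worked through as an added example (not CyMetric's own code). It assumes the percentage is the average score divided by the maximum of five, that each band starts at its lower bound, and that a section with no assessed controls is shown gray; the section names and ratings are constructed.

```python
# Added example: the dashboard scoring rules applied to constructed data.
from collections import defaultdict

SCORES = {
    "Fully Compliant": 5,
    "Mostly Compliant": 4,
    "Somewhat Compliant": 3,
    "Partially Compliant": 2,
    "Not Compliant": 1,
}
# (lower bound in percent, color), checked from the top band down
BANDS = [(100, "dark green"), (80, "light green"), (60, "yellow"),
         (40, "orange"), (20, "red")]

def percent(ratings):
    """Average the assessed ratings as a percentage of the maximum score.
    "Not Assessed" is dropped; returns None when nothing was assessed."""
    scored = [SCORES[r] for r in ratings if r != "Not Assessed"]
    if not scored:
        return None
    return sum(scored) * 100 / (5 * len(scored))  # assumption: 5 == 100%

def color(pct):
    if pct is None:
        return "gray"  # assumption: nothing in this section was assessed
    return next(c for low, c in BANDS if pct >= low)

def dashboard(controls):
    """controls: list of (rating, [sections]) -> {name: (percent, color)}."""
    by_section = defaultdict(list)
    for rating, sections in controls:
        for section in sections:  # a control counts in every section it maps to
            by_section[section].append(rating)
    overall = percent([rating for rating, _ in controls])
    result = {"Overall": (overall, color(overall))}
    for section, ratings in by_section.items():
        pct = percent(ratings)
        result[section] = (pct, color(pct))
    return result

# Constructed sample: one control maps to two sections, one is Not Assessed.
SAMPLE = [
    ("Fully Compliant", ["Access Control"]),
    ("Mostly Compliant", ["Access Control", "Audit"]),
    ("Not Compliant", ["Audit"]),
    ("Not Assessed", ["Audit", "Training"]),
    ("Somewhat Compliant", ["Access Control"]),
]
```

The "Mostly Compliant" control raises both the Access Control and Audit averages, while the Not Assessed control changes neither the Audit score nor the overall score.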
Drilling Down
CyMetric allows users to drill down into each category and subsection for a more granular view of the program. All of the controls that fall into each section are aggregated and averaged to provide a representation of specific functions within the program. This enables stakeholders to see how they are doing with specific elements of their program and where resources may need to be allocated to improve the program and reduce risk.
To drill down, click on the name in the middle of one of the smaller Donut Graphs represented on the main dashboard. The category or section will be exploded into its component subcategories in a similar format as the program view from the main dashboard page. The category and subcategories all will have an associated score for their respective sections if there were controls that were mapped into those subcategories.
If the regulation or framework has deeper subsections, CyMetric can drill down further to highlight the granular subcategories of the program.
Actions Buttons
The Actions Buttons in the top right section of the screen allow you to view the Assessment Plan that is being represented by the Donut Graphs or share the screen with another User of the CyMetric platform.
To review the Assessment Plan represented by the Donut Graphs, click on the Review icon from the Actions area.
After clicking the button, Users are taken to the Assessment module and into the specific Assessment that is being represented by the Donut Graph. Users will be able to see all of the documentation, control ratings/scores, findings and other items that are a part of the Assessment.
To share a link to the Dashboard so other Users can review the outputs, simply click on the Link icon from the Actions area. A link to the dashboard is copied to the Clipboard of your device, from which it can be pasted and shared (emailed/texted) with other CyMetric Users. NOTE: The person who receives the link MUST have a CyMetric credential in order to get access to the Dashboard. Additionally, if the User is not logged in, the link will not work - the User will still have to log in and then navigate to the Dashboard independent of the link. If the User is currently logged in when they receive the link, it will take the User directly to the appropriate dashboard.
For detailed instructions on how to set up and execute an Assessment plan, please see these articles: Setting Up an Assessment/Audit of Your Compliance Program and Executing an Assessment or Audit of your Compliance Program.