
Rapid Baseline Assessment Report
This report presents a summary of the Rapid Baseline Assessment responses and results as displayed in the Rapid Baseline Assessment Dashboard.
All of our reports are fully brandable. Pick from several different report style templates, change the colors to match your corporate style, select from a large library of stock images for your report covers or upload your own, and even edit the documents.
If you want to pull out just a specific chart or report section, they are all in standard MS Word format, so you can copy and paste any items into other documents.
Presents a summary of the Controls Assessment responses and results as displayed in the Controls Assessment Dashboard.
This report presents a summary of the Requirements Assessment responses and results as displayed in the Requirements Assessment Dashboard.
Compliance Manager GRC includes the ability to upload any number of policies or other HR-related documents into a self-serve web-based portal that employees can log into to read and review the documents and attest to agreement with the contents. This dashboard report presents a summary of Employee Policy Acceptance results recorded for all employees of a given […]
Quickly and easily print out what you see on the Vendor Risk Management Report.
Whether you are compelled to track vendor compliance with specific IT requirements, or just do it as a matter of following best practices, Compliance Manager GRC gives you the ability to assign to your vendors specific sets of requirements — including any standards that you must adhere to. You can monitor progress for all your […]
Want to take the results of your vendor risk assessment and work on them in Excel? No problem. You’ll get the summary results in one tab, and individual line item results in another.
Organizations that are implementing the Federal Trade Commission’s Standards for Safeguarding Customer Information – the Safeguards Rule, for short – must create and implement a set of policies and procedures used to implement the necessary security controls based upon the requirements of the Rule. This policies and procedures manual includes all of the standard provisions of […]
Implementation Group 1 (IG1) is the definition of basic essential cyber hygiene. IG1 represents an emerging minimum standard of information security and of protection against common attacks for all. This document includes all of the policies and procedures required to be in alignment with IG1.
Implementation Group 2 (IG2) is for enterprises that employ individuals who are responsible for managing and protecting IT infrastructure. IG2 comprises 74 additional Safeguards and builds upon the 56 Safeguards identified in IG1. This document includes all of the policies and procedures required to be in alignment with IG2.
IG3 assets and data contain sensitive information or functions that are subject to regulatory and compliance oversight. IG3 comprises an additional 23 Safeguards, and is the framework to use for maximum IT security. It builds upon the Safeguards identified in IG1 and IG2, and includes all 153 Safeguards included in the CIS Critical Security […]
Organizations that are implementing NIST Cyber Security Framework controls must create and implement a set of policies and procedures used to implement the necessary security controls based upon the NIST Cyber Security Framework.
Organizations that are implementing NIST SP 800-171 IT security requirements must create and implement a set of policies and procedures used to implement the necessary security requirements based upon the NIST SP 800-171 IT security requirements.
A second requirement is to have a set of policies and procedures used to implement PHI privacy protection and compliance with the HIPAA Privacy Rule.
One of the first requirements is to have a set of policies and procedures used to implement ePHI data security and compliance with the HIPAA Security Rule.
A third requirement is to have a set of policies and procedures used to implement procedures to notify individuals and the HHS Secretary of PHI breach events experienced by the organization and compliance with the HIPAA Breach Notification Rule.
To fully comply with the PCI DSS standard, three critical documentation areas are needed: policies, standards, and procedures. SAQ-A is for e-commerce/mail/telephone-order (card-not-present) merchants which have completely outsourced all cardholder data functions.
To fully comply with the PCI DSS standard, three critical documentation areas are needed: policies, standards, and procedures. SAQ-A-EP is for e-commerce-only merchants that rely on third-party service providers to handle card information, and which have a website that doesn’t process credit card data but could impact the security of the payment transaction.
To fully comply with the PCI DSS standard, three critical documentation areas are needed: policies, standards, and procedures. SAQ-B-IP is for merchants using only standalone, PTS-approved payment terminals with an IP connection to the payment processor, and which do not store electronic cardholder data.
To fully comply with the PCI DSS standard, three critical documentation areas are needed: policies, standards, and procedures. SAQ-C is for any merchant which utilizes a payment application connected to the internet, but with no electronic cardholder data storage.
To fully comply with the PCI DSS standard, three critical documentation areas are needed: policies, standards, and procedures. SAQ-C-VT is for merchants which utilize a virtual terminal on one computer dedicated solely to card processing, and which do not store electronic cardholder data. This is not for e-commerce activities.
Organizations that are implementing CMMC 2.0 Level 1 security controls must create and implement a set of policies and procedures used to implement CUI data security based upon the CMMC 2.0 – Level 1 IT Security Framework.
Organizations that are implementing CMMC 2.0 Level 2 security controls must create and implement a set of policies and procedures used to implement CUI data security based upon the CMMC 2.0 – Level 2 IT Security Framework.
The New York State Department of Financial Services (NYDFS) requires that all covered entities maintain a cybersecurity program designed to protect the confidentiality, integrity and availability of their information systems.
Organizations that implement the Cyber Essentials (Plus) controls must create and implement a set of policies and procedures that are used to certify and protect businesses against the growing threat of cyber-attacks. The report gathers the necessary evidence to have the Cyber Essentials (Plus) certification completed with real data. The certification defines a focused set […]
One of the first requirements is to have a set of policies and procedures used to implement Personal Data privacy protection, security, and compliance with UK GDPR.
One of the first requirements is to have a set of policies and procedures used to implement Personal Data privacy protection, security, and compliance with EU GDPR.
Organizations that implement the Essential 8 controls must create a set of policies and procedures that are used to certify and protect Australian businesses against the growing threat of cyber-attacks. The report gathers the necessary evidence to have the organization follow the Essential 8 framework maturity scale, which is comprised of three levels. This report […]
Cyber-insurance is a specialty insurance product intended to protect businesses from Internet-based risks, and more generally from risks relating to information technology infrastructure and activities. Compliance Manager GRC is the first software solution that allows cyber-insurance policyholders to systematically provide compliance policy and procedure documentation, which is the foundation of any compliance program, both in […]
This report can be generated from the requirements assessment for any standard you are managing. It compiles compliance information from automated scans, augmented data, and questionnaires, and gathers evidence into one document to back up the Assessor Checklist with real data.
The Assessor’s Checklist gives you a high-level overview of how well the organization complies with the specific standard being managed. A separate Auditor’s checklist can be generated for any Standard — whether from one of the built-in government and industry templates, or your own custom set of Requirements and Controls. The checklist details specific […]
This report prioritizes the discovered IT security risks and provides recommendations on remediation steps.
Identifies what protections are in place and where there is a need for more. It includes a list of items that must be remediated to ensure the security and confidentiality of sensitive data at rest and/or during its transmission.
This report includes details about all assets, configurations and users uncovered during the network, computer endpoint and MS Cloud scanning process.
This report is a dynamic project plan spreadsheet document, fed by Compliance Manager GRC, that includes separate tabs of Technical Issues, Control Issues and Standards Issues. It’s prepopulated with the issue (weakness), how it was identified, along with the Control ID and description. Use this document as a simple project planner to fully implement an IT […]
The Datto Unified Continuity Report is the first (and currently only) report that consolidates backup data from all four Datto Continuity services, including Siris and Alto (BCDR), Cloud Continuity for PCs (CC4PC), and Datto Continuity for Microsoft Azure (DCMA). This new report, available only through Network Detective Pro, consolidates backup information from all four Datto products […]
This report provides details on the latest backup statuses from Unitrends, which consolidates multiple backup solutions, and is designed to provide documentation of backup activity and assurance of backups. Data for this report is imported directly into the Compliance Manager GRC site data from the Unitrends console.
Even though CMMC 2.0 has been launched, the US Department of Defense still requires all subcontractors to perform a self-assessment against the NIST SP 800-171 requirements, and to score themselves based on a specific set of rules. Compliance Manager GRC includes the 800-171 assessment standard and automatically scores the assessment based on the DOC rules. This […]
The System Security Plan (SSP) is a requirement of CMMC 2.0, and can be used as a formal document to support many other standards and frameworks. This formal report provides an overview of the security requirements for your information system and describes the security controls in place or planned for meeting those requirements.
This worksheet is used to document the “criticality” of the applications identified as being installed on the computer endpoints operating within the network.
The worksheet is used to augment the user data that was collected during the internal network scan. Complete the worksheet to provide the additional information requested.
The worksheet is used to augment the asset data that was collected during the internal network scan. Details include the asset owner, acceptable use, environment, backup agent status, as well as device and asset criticality classification. The asset criticality classification is used to determine the risk to the organization in the event of a security […]
This worksheet is used to document external information systems used by your organization. Add entries for each external information system along with a description, purpose for using the system, name of the business owner of the system, along with its criticality. Examples of external information systems include Salesforce, QuickBooks Online, and Microsoft 365.
This report helps verify the effectiveness of the client’s patch management program. The report uses scan data to detail which patches are missing on the network.
Includes details about all assets, configurations and users uncovered during the network, computer endpoint and MS Cloud scanning process organized and presented into separate tabs in Excel for any use.
These operating procedures are custom built and generated based on the policies that an organization has selected in Compliance Manager GRC Policy Builder. The generated policies and procedures document the procedures and controls that are to be implemented by the organization in order to meet IT Security and/or regulatory requirements. Each common control is mapped […]
When a Compliance Manager GRC Site is integrated with VulScan during the Technical Review assessment process, a comprehensive report is generated including identified security holes and warnings, and informational items including CVSS scores from VulScan’s point-of-view. The VulScan internal vulnerability scan operates behind the firewall to identify and expose real and potential vulnerabilities inside the […]
When a Compliance Manager GRC Site is integrated with VulScan during the Technical Review assessment process, a detailed report is generated showing security holes and warnings, and informational items including CVSS scores, as scanned by VulScan from outside the target network. External vulnerabilities could allow a malicious attacker access to the internal network.