Programs

The Programs module contains the different Programs an Organization can step through to identify how the Organization is meeting, not meeting, or partially meeting Controls for the Program. Please see the Offerings Articles to identify what Programs are available to the Organization and it's Subscription. 

This is what the Programs module looks like once Programs have been assigned:

TABLE OF CONTENTS

• Introduction
• Summary
• Controls
• Tasks
• Evidence

Introduction

In the following video, take a look as an Onboarding Coach provides step-by-step instructions on how to access and manage different Programs in The Guard. They will explain where to find the Programs Module, how access the Summary, Controls, Tasks, and Evidence inside a Program, and additional features included with managing your Programs and Controls. 

When a Program has been created, select Manage to open the Control and view the Summary, Controls, Tasks, and Evidence related to that Program.

• Summary - Shows the overall progress of the Program

• Controls - Tools for managing action items for the Program

• Tasks - Allows action items to be marked as Pending or Complete

• Evidence - Upload documentation for proof of compliance

A Program can have multiple Team Members. By-default, the individual that Starts a New Program will become a Contributor of the Program. Additional Team Members can be added as Contributors - this can be done during the creation of the program or after. The individual that Starts a New Program will, by-default, be assigned to ALL Controls in the Program, but this assignment can be changed at any point in time. 

• After a Program has been created, there is a 3-Dot Menu Button located on the Program Tile that can be selected, which then opens a menu and provides the following options: Manage Team, Program History, Duplicate, and Archive
  • Manage Team - Adds Contributors to the Program. Contributors can be assigned to Controls and Tasks and help the Owner of the Program manage it.
  • Program History - Displays history of changes for the Program
  • Duplicate - Allows Team Members to Duplicate the Program
  • Archive - Allows Team Members to Archive the program - Archived Programs can be Reactivated, if needed.
• After opening the Program, the same Options (detailed above) are available via the Options menu in the top-right corner of the page, with the addition of:
  • Snapshot Report - The snapshot report summarizes a program's controls, the control statuses, their associated risk, and assigned tasks. The export reflects the state of a program on the selected snapshot date. Report is currently generated as a CSV. 
  • Download Evidence - Allows Team Members to download a .zip file that contains all currently uploaded Evidence in the Program

Summary

The Summary tab provides a visual breakdown of the metrics gathered for the Program. 

• Program Readiness - Displays a graph showing the Percentage of Critical Controls Met, Total Controls Met, and a breakdown of All Control statuses

  • Critical Controls - Each Program may have Critical Controls identified by a Control Owner/Contributor or by-default. The Critical Controls identified are usually high-priority items the Organization is focused on meeting. This percentage is gathered based only on the Total Number of Critical Controls identified and ‘Met’

  • Total Controls Met - All Controls with the ‘Met’ status. This percentage is gathered based on the overall set of Controls.

• Progress By Type - Displays progress bars related to the Types of Controls being addressed overall. Administrative, Technical, and Physical, for example. 

• Open Tasks - Displays the number of Open Tasks that have been assigned from the Controls

• Risk Analysis - Displays an Analysis of the Risk Values identified in the Controls

  • Consider identifying the Risk Analysis Section when released; Any additional details for Risk Analysis may be a separate KB detailing HOW Risk Analysis is calculated

• Adopted Policies & Procedures - Displays the number of Adopted Policies & Procedures for the Controls

• Controls Freshness - Displays the “freshness” score calculated by each Control’s “Freshness” - Each Control is provided a default “Freshness” Score indicating that a Control is “On Track” to be reviewed on a certain date in the future. As Organizations manage the Controls, the “Freshness” of certain Controls may change over time. Some Controls may be identified as needing to be reviewed more frequently and for those that are Due or Overdue for review, The Guard will update the “freshness” accordingly. A Control’s Review Schedule can be set on the Control itself by the Control Owner/Contributors in order to adjust how frequently the Organization needs to review a given Control.

Controls

The Controls tab provides a visual breakdown of statistics at the top of the page, just like the Summary tab. This will also identify which Program is being worked on at the top. There is an Options dropdown that will be discussed further down. The Controls area is really where an Organization can work and manage each and every Control under the Program. Each Program has its own set of Controls that need to be reviewed and addressed. 

The table of Controls lists the following information:

• Control - The Control Code (DS-1.1, for example), Description of the Control (To view the whole description, select the control and hove over the Control Description at the top of the sidebar), Associated Standards (HIPAA, OSHA, SOC2, etc)

  • The Star icon next to the Control Code can be selected to mark a Control as a Critical Control - Any Controls can be marked as “Critical Controls” if the Organization chooses to do so

• Status - The Status of the Control - Met, Not Met, Partially Met, and N/A

  • Met - The Control has been Met by the Organization

  • Not Met - The Control is Not Met by the Organization

  • Partially Met - The Control has been Partially Met by the Organization

  • N/A - The Control is Not Applicable to the Organization

• Risk Rating - The identification of Risk for the specific Control. Risk Rating considers Likelihood and Impact

  • Likelihood - The likelihood that an issue could arise related to the Control

    • Rare, Unlikely, Possible, Likely, and Almost Certain

  • Impact - The impact that an issue has related to the Control

    • Minimal, Minor, Moderate, Major, and Catastrophic

  • Each of the above identifiers will calculate a value in the Software, to be represented in the Risk Analysis graph on the Summary and main Controls pages. Later, this will be displayed in the Risk Analysis Module separately. 

• Freshness - By-default, Controls will all have an “On Track” Freshness score. The Freshness score is dynamic and will adjust based on the Control Review Schedule specified for each Control. 

  • On Track - The Organization has specified a Review Date and the Control is set to be reviewed on-time

  • Review Due - The Control’s Review Date is Due

  • Overdue - The Control’s Review Date is Overdue and needs to be reviewed

• Tasks - The number of Tasks that the Organization has assigned related to the Control. No Tasks are assigned by-default; and any Tasks that do get assigned, the table will reflect Complete vs Total. For example, 1 out of 1, 0 out of 5, etc. 

• Category - The Type of Control - Administrative, Technical, Physical

• Assignee - The “Owner” of that Control - The Assignee of a Control can be changed. Only Team Members added to the Program as Contributors may be assigned to Controls.

• Updated - Last date the Control was updated

The Table can also be Searched via the Search Bar at the top-left corner of the table. Multiple Controls may also be selected and Bulk Updated via the Response to All and Risk Rating to All dropdowns. 

For Guidance on Managing Controls, please see the KB Article here: Controls - Managing a Control

Tasks

The Tasks tab provides a Kanban Board (https://en.wikipedia.org/wiki/Kanban_board) that displays any/all Tasks generated by the Controls area and allows the Control Owner/Contributors to create New Tasks from this area as well. 

The Kanban board is set up with 3 Columns: To Do, In Progress, and Done - Each column will display each task that has been generated from a Control. A Control Owner/Contributor may select the individual tasks, as well as drag-and-drop them to change their status. 

• To-Do - A newly created Task that needs to be addressed

• In Progress - A Task that is being worked

• Done - A task that has been fulfilled and marked complete

Selecting the individual task will open a quick edit window where the Control Owner/Contributors can effectively work the tasks and add details. There are a few options available in this window:

• Task - The Tasks Title

• Detail - Additional details related to the task

• Notes - Notes submission - Submitting a note will add it below the Notes entry and identify Who and When, as well as the Notes details

• Assignee - Can be changed to the Control Owner/Contributors added to the Team for the Program

• Status - To-Do, In Progress, and Done

• Control - The associated Control for this task

• Target Date - Specified “Target Date” - Can be changed once set; Allows Organization to specify its Target Date/Deadline for the Task

• Evidence - Allows for Evidence Upload for the specific Task

Evidence

The Evidence tab provides Program Team Members a place to Add Evidence as well as view Evidence uploaded from Controls and Tasks. 

Selecting Add Evidence will provide a new window where the Program Owner/Contributors may identify the Control the Evidence needs to be attached to and a way to upload that Evidence.