Programs
The Programs module contains the different Programs an Organization can use to identify how the Organization is meeting, not meeting, or partially meeting Controls for the Program. Please speak with a Customer Success Manager, Customer Onboarding Specialist, or Support to identify what Programs are available to the Organization and its Subscription.
This is what the Programs module looks like once Programs have been assigned:
For Smaller Practices that only have the HIPAA for Small Practices Program:
Introduction
In the following video, a Customer Onboarding Specialist provides step-by-step instructions on how to access and manage different Programs in The Guard. They will explain where to find the Programs Module, how to access the Summary, Controls, Tasks, and Evidence inside a Program, and additional features included with managing your Programs and Controls.
When a Program has been created, select Manage to open the Control and view the Summary, Controls, Tasks, and Evidence related to that Program.
- Summary - Shows the overall progress of the Program
- Controls - Tools for managing action items for the Program
- Tasks - Allows action items to be marked as Pending or Complete
- Evidence - Upload documentation for proof of compliance
A Program can have multiple Team Members. By default, the individual that Starts a New Program will become a Contributor of the Program automatically. Additional Team Members can be added as Contributors; this can be done during the creation of the Program or after. The individual that Starts a New Program will, by default, be assigned to ALL Controls in the Program, but this assignment can be changed at any point in time.
- After a Program has been created, there is a 3-Dot Menu Button located on the Program Tile that can be selected, which then opens a menu and provides the following options: Manage Team, Program History, Duplicate, and Archive
  - Manage Team - Adds Contributors to the Program. Contributors can be assigned to Controls and Tasks and help the Owner of the Program manage it.
  - Program History - Displays history of changes for the Program
  - Download Evidence - Compiles a .zip of all uploaded Evidence for that Program
  - Duplicate - Allows Team Members to Duplicate the Program
  - Archive - Allows Team Members to Archive the Program. Archived Programs can be Reactivated, if needed.
- After opening the Program, the same Options (detailed above) are available via the Options menu in the top-right corner of the page, with the addition of:
  - Snapshot Report - The snapshot report summarizes a Program's Controls, the Control statuses, their associated risk, and assigned Tasks. The export reflects the state of a Program on the selected snapshot date. The report is currently generated as a CSV.
Summary
The Summary tab provides a visual breakdown of the metrics gathered for the Program.
Program Readiness - Displays a graph showing the Percentage of Critical Controls Met, Total Controls Met, and a breakdown of All Control statuses
Critical Controls - Each Program may have Critical Controls identified by a Control Owner/Contributor or by default. The Critical Controls identified are usually high-priority items the Organization is focused on meeting. This percentage is gathered based only on the Total Number of Critical Controls identified and ‘Met’.
Total Controls Met - All Controls with the ‘Met’ status. This percentage is gathered based on the overall set of Controls.
Progress By Type - Displays progress bars related to the Types of Controls being addressed overall. Administrative, Technical, and Physical, for example.
Open Tasks - Displays the number of Open Tasks that have been assigned from the Controls
Risk Analysis - Displays an Analysis of the Risk Values identified in the Controls - this is calculated automatically by the Impact/Likelihood selections made for each Control.
Active Policies & Documents - Displays the number of Active Policies & Documents for the Controls.
Controls Freshness - Displays the “freshness” score calculated by each Control’s “Freshness” - Each Control is provided a default “Freshness” Score indicating that a Control is “On Track” to be reviewed on a certain date in the future. As Organizations manage the Controls, the “Freshness” of certain Controls may change over time. Some Controls may be identified as needing to be reviewed more frequently and for those that are Due or Overdue for review, The Guard will update the “freshness” accordingly. A Control’s Review Schedule can be set on the Control itself by the Control Owner/Contributors in order to adjust how frequently the Organization needs to review a given Control.
Controls
The Controls tab provides a visual breakdown of statistics at the top of the page, just like the Summary tab. This will also identify which Program is being worked on at the top. There is an Options dropdown that will be discussed further down. The Controls area is really where an Organization can work and manage each and every Control under the Program. Each Program has its own set of Controls that need to be reviewed and addressed.
The table of Controls lists the following information:
Control - The Control Code (DS-1.1, for example), Description of the Control (to view the whole description, select the Control and hover over the Control Description at the top of the sidebar), Associated Standards (HIPAA, OSHA, SOC2, etc.)
The Star icon next to the Control Code can be selected to mark a Control as a Critical Control - Any Controls can be marked as “Critical Controls” if the Organization chooses to do so
Status - The Status of the Control - Met, Not Met, Partially Met, and N/A
Met - The Control has been Met by the Organization
Not Met - The Control is Not Met by the Organization
Partially Met - The Control has been Partially Met by the Organization
N/A - The Control is Not Applicable to the Organization
Risk Rating - The identification of Risk for the specific Control. Risk Rating considers Likelihood and Impact
Likelihood - The likelihood that an issue could arise related to the Control
Rare, Unlikely, Possible, Likely, and Almost Certain
Impact - The impact that an issue has related to the Control
Minimal, Minor, Moderate, Major, and Catastrophic
Each of the above identifiers will calculate a value in the Software, to be represented in the Risk Analysis graph on the Summary and main Controls pages. Later, this will be displayed in the Risk Analysis Module separately.
For more information on identifying Risk, we recommend reviewing this KB Article: How to Conduct a Security Risk Assessment
Freshness - By default, Controls will all have an “On Track” Freshness score. The Freshness score is dynamic and will adjust based on the Control Review Schedule specified for each Control.
On Track - The Organization has specified a Review Date and the Control is set to be reviewed on-time
Review Due - The Control’s Review Date is Due
Overdue - The Control’s Review Date is Overdue and needs to be reviewed
Tasks - The number of Tasks that the Organization has assigned related to the Control. No Tasks are assigned by default; for any Tasks that do get assigned, the table will reflect Complete vs Total. For example, 1 out of 1, 0 out of 5, etc.
Category - The Type of Control - Administrative, Technical, Physical
Assignee - The “Owner” of that Control - The Assignee of a Control can be changed. Only Team Members added to the Program as Contributors may be assigned to Controls.
Updated - Last date the Control was updated
The Table can also be Searched via the Search Bar at the top-left corner of the table. Multiple Controls may also be selected and Bulk Updated via the Response to All and Risk Rating to All dropdowns.
For Guidance on Managing Controls, please see the KB Article here: Controls - Managing a Control
Tasks
The Tasks tab provides a Kanban Board (https://en.wikipedia.org/wiki/Kanban_board) that displays any/all Tasks generated by the Controls area and allows the Control Owner/Contributors to create New Tasks from this area as well.
The Kanban board is set up with 3 Columns: To Do, In Progress, and Done - Each column will display each task that has been generated from a Control. A Control Owner/Contributor may select the individual tasks, as well as drag-and-drop them to change their status.
To-Do - A newly created Task that needs to be addressed
In Progress - A Task that is being worked on
Done - A task that has been fulfilled and marked complete
Selecting the individual task will open a quick edit window where the Control Owner/Contributors can effectively work the tasks and add details. There are a few options available in this window:
Task - The Task's Title
Detail - Additional details related to the task
Notes - Notes submission - Submitting a note will add it below the Notes entry and identify Who and When, as well as the Notes details
Assignee - Can be changed to the Control Owner/Contributors added to the Team for the Program
Status - To-Do, In Progress, and Done
Control - The associated Control for this task
Target Date - Specified “Target Date” - Can be changed once set; Allows Organization to specify its Target Date/Deadline for the Task
Evidence - Allows for Evidence Upload for the specific Task
Evidence
The Evidence tab provides Program Team Members a place to Add Evidence as well as view Evidence uploaded from Controls and Tasks.
Selecting Add Evidence will provide a new window where the Program Owner/Contributors may identify the Control the Evidence needs to be attached to and a way to upload that Evidence.