Trustero Dashboard: KPIs Overview and Guidance

An overview and guide for adopting and using the Trustero Dashboard to meet the InfoSec Control KPI objective

Objective

This document provides a structured outline to help you evaluate the performance and the effectiveness of controls based on predefined metrics.

Scope

Key Performance Indicators ensure that your controls are addressing risk and meeting compliance requirements. Once KPIs are set up, you can monitor the performance and effectiveness of compliance controls.

1. Establish KPIs to ensure controls are adequately addressing risk and meeting compliance requirements.
2. Monitor KPIs to detect and identify issues like non-compliance or inadequate internal controls.
3. Respond to and evaluate identified issues to determine if corrective actions need to be taken.

Guidance Outline

1. Dashboard Overview
   • The Trustero Continuous Compliance Dashboard is a versatile platform designed to support the monitoring and management of any type of control that organizations need to keep audit-ready or continuously monitor for operational effectiveness. 
   • Key sections of the dashboard include:
     • Services: Number of documented services.
     • Policies Ready: Progress on assigned and linked controls to policies.
     • Controls Prepared: Status of control documentation and readiness.
     • Company Info: Documentation status of company information.
     • Risks Registered: Overview of identified risks and their management status.
2. Status of Controls
   • This section provides a detailed breakdown of controls by department, indicating their current status such as 'Audit Ready', 'Needs Attention', or 'Accepted'.
   • Departments displayed include Engineering, Executive Management, HR, and IT.
   • This section is used to monitor department-specific progress and identify areas requiring attention.
3. KPI Tracking
   • Services: Ensure all services are documented and up to date.
   • Policies and Controls: Aim for a 100% ratio of 'Policies Ready' and 'Controls Prepared', indicating that all controls are assigned, documented, and evidence is ready for review.
   • Risk Management: Strive for a complete assignment of inherent risks and ensure all are ready for action. ("Risks Registered" should ideally be at the total number of identified risks.)
4. Performance Metrics
   1. Control Checks: Once you have achieved continuous compliance monitoring (with Trustero AI scans or tests run at least every 30 days) Control Checks helps you zero in on the ideal of having no issues in the controls.
   2. Recent Activities: Monitor changes and updates made to the controls and policies to ensure continuous compliance and up-to-date documentation.
5. Actionable Insights

   • Immediate Action Items: Address any controls that have failed tests or are marked as "'Needs Attention."

   • Change Awareness: The "Recent Activities" log is available to provide insights into user activities and automated updates. It captures every change made by users, as well as updates from automated evidence sources such as receptors and integrated connectors.

6. Continuous Improvement
   • KPI drivers: Use the KPIs as drivers for continuous improvement in your information security posture.
   • Calendar reviews: Regularly scheduled reviews should be conducted using the dashboard metrics to drive policy updates, control improvements, and risk management enhancements.
7. Documentation and Reporting
   • Track KPIs over time: Maintain comprehensive records of all KPIs and their statuses for internal auditing purposes and external audit readiness.
   • Export reports: Use the Trustero Dashboard’s export features to generate reports for management review and audit trails.

Review and adjust

This guidance should be reviewed and maintained to ensure that KPIs remain relevant and aligned with the organization’s risk management and compliance objectives. Adjustments should be made in response to changes in the risk environment, regulatory updates, or operational shifts.