Issues Management in Hyperproof: How It Works and How It Can Help You

Editor’s note: this article was co-authored by product experts Jingcong Zhao and Lisa Bielik.

It doesn’t matter what you call them – issues, findings, exceptions, non-conformities, deficiencies or something else – discovering a problem during an audit is an alarming situation that you’d rather avoid. To improve your chance of passing an infosec compliance audit, issues ought to be identified and remediated in advance of the audit.

Because remediating an issue often requires multiple people and days (or months) of work, visibility on progress is absolutely vital. Hyperproof is a continuous compliance operations platform, and we’ve built functionality to help your organization efficiently document and address issues well before your organization enters its audit season.

How Our Issues Management Feature Can Help You

Hyperproof’s Issues Management feature makes managing issues easy and quick.

Now you may be thinking, we track issues in spreadsheets. Does Hyperproof do something more valuable than that? 

The answer is a resounding, “Yes.”

Hyperproof allows you to track issues in the context of everything else you care about. You can create issues on all major Hyperproof objects and modules:

  • A program 
  • A particular control 
  • An audit
  • An individual audit request 
  • A label
  • In the risk register 
  • A risk item within a risk register

This means that an issue can be created once and linked to multiple related objects. For instance, you may document a single issue that addresses three audit findings, or you may create one issue that’s linked to a couple of controls and a risk in Hyperproof.

Linking an issue to the objects that issue relates to provides another benefit: it allows you to automatically identify the problematic areas in your compliance/risk management program that need attention.

Hyperproof can automatically calculate and update the health of your controls, risks and programs based on variables like freshness of evidence, number of tasks, and number of past due tasks linked to an object. It’s no different with issues: you can configure Hyperproof to automatically update the health of controls and risks (when they are linked to controls) in your account based on properties on issues. For instance, you may want to see controls show up as “at risk” if they are linked to open issues, or you may want to see controls as “critical” if you have linked open issues that are also past due.

An example of control health monitoring with two at risk controls and one past due control.

How to Create and Monitor Issues in Hyperproof

Creating an Issue

You can create an issue on the following objects and modules: programs, controls, labels, audit requests, risks and vendors. You can also create an issue from the My Work page, but the issue must be linked to a source (e.g., a control).

An example of an issue created.

Each issue comes with a standard set of fields to be filled out:

  • The Summary field where you can enter a summary of the issue and the potential result if the issue isn’t remediated (required) 
  • A Description field where you can detail the issue 
  • The Action Plan field where you can enter the team’s plan to remediate the issue (Note: You may choose to link Tasks to the issue as an alternative way to document your remediation plan)  
  • The Impact drop-down where you can enter the impact this issue has on your organization if it isn’t resolved 
  • The Assignee drop-down menu to select the individual responsible for the issue 
  • The Business Owner drop-down menu to select the individual who owns the issue
  • The Status drop-down menu to select a status that represents the current state of the issue
  • The Due Date field to indicate the date by which the remediation should be completed
  • The Discovered On field to indicate the date on which the issue was discovered

You can also add custom fields to issues to track other properties that are important to you. Some of the popular additional fields our customers use include:

  • Source category 
  • Team
  • Issue type 
  • Source sub-category
  • Group 
  • Year
  • Criticality 
  • Business unit

Importing Issues

You can easily import your organization’s issues via CSV.

Adding a New User to an Issue

To view an issue, a user must be a member of the issue’s related object (e.g., a control) or be added directly to the issue’s facepile. If you want to see all issues in an organization, you must either be a member of all objects or be added to all issues directly by the individuals who create them. Additionally, we recommend that Hyperproof Administrators be members of all related objects so they do not miss any issues.

To see details on roles and permissions on issues, see our product documentation.

Linking Objects to an Issue

You can link the following objects to an issue:

  • Proof: this could be documents showing that the activities in your Action Plan have been completed.
  • Tasks: instead of using the native Action Plan field in issues, you may choose to add Tasks to the issue as an alternative way to track remediation of an issue.
  • Affected Objects: these are objects whose health can be affected or impacted by an issue. Affected objects include Programs, Controls, Labels, Audits, Risk, Vendor, or My Work. For controls and labels, you must select the control or label you want the issue linked to.

Customizing Health Rules Based on Issues

By default, if you have a past due issue linked to a control, the control is automatically labeled as At risk regardless of the control’s other health settings (e.g., implementation status, freshness status). However, administrators in Hyperproof can modify this rule via Settings > Health.

For more information on how controls affect the overall health of your program, please refer to our help article, Managing the Health of Your Program. For steps on how to customize the default health settings, please refer to Customizing the Health of Your Program.

Viewing Issues on Dashboards

Hyperproof provides multiple views to help you quickly see what issues are outstanding and which ones need work. You can see an overview of all issues you’ve created or been assigned to in the Issues tab of the My Work page. You can find an Issues tab under each program, audit, label or risk register if you’ve created issues that are linked to these objects.

You can view your issues on dashboards for complete visibility to the work you have in progress.

Exporting Issues

Certain compliance authorities and governing bodies need to see your POA&M (plan of action and milestones) in a specific format. If you’re using Hyperproof to track and manage issues, you can export all the issues you want to export in bulk as a formatted report in a couple of clicks. 

What’s Next for Issues Management

There are a lot of exciting future updates to Issues Management planned that will make it even more powerful!

Hyperproof has made it our priority to build the world’s most flexible, efficient, and powerful platform for managing compliance, risk management, and audit workflows. Rolling out an issues management system in our platform helps our customers stress less knowing that they have a single place and an efficient means to track and manage all remediation projects.  

In the coming months, we will continue to make enhancements to our project management functionality to make this aspect of the platform increasingly valuable to our customers.  For instance, we’ll release a new My Work overview dashboard that highlights issues and all other outstanding work items in an organization in a clear, actionable manner for all parties that work on compliance and risk projects.

Want to see how you can make efficiency a competitive advantage for your compliance program? 

Book a demo of Hyperproof today.

*** This is a Security Bloggers Network syndicated blog from Hyperproof authored by Jingcong Zhao. Read the original post at: