Good Enough IT Risk Management

New compliance planning tool gives information security managers an automatic plan

Wednesday, 01 May 2019 / by Jakob Holm Hansen

There used to be many unknown factors for information security managers to take into account when implementing and maintaining a security standard. That is no longer the case. A new planning tool from Neupart, neupartOne, creates a well-arranged plan for the compliance work and automatically combines all the tasks in a single annual plan.

When the information security manager is asked to implement a new security standard, a number of questions immediately arise.

At what level should the security standard be implemented? Is the organisation merely supposed to comply with some general guidelines, is it supposed to comply with all the main provisions, or is certification the aim? Exactly what tasks will have to be carried out, and how can these tasks be formulated? Who will be performing the tasks – the information security manager alone, or will a team be put together? How long will it take to implement? And how do you maintain the security standard once the implementation phase has been completed?

Automatic project and maintenance plan

To assist the information security manager, Neupart has designed the planning tool neupartOne.

“It’s easy to doubt whether you are doing the right thing when implementing a security standard and managing a compliance programme. One of the advantages of neupartOne is that it narrows right down the broad scope for interpretation. The information security manager doesn’t need to make a whole lot of decisions. The solution indicates what should be done and when, so that you don't waste time doing something that isn’t necessary,” says Nicolai Hirschsprung Simonsen, consultant for Neupart.

Let the tool do the work

Nicolai Hirschsprung Simonsen uses the ISO standards as an example.

“They are written in a language that can deter even the best of us. Because what are they actually saying, and what does it mean? In addition, the ISO standards only describe those requirements that must be met in order to be certified according to the standard in question. However, the level of implementation is not only too sweeping for most organisations, there is also no description of how to comply with the requirements. You have to figure that out yourself,” says Nicolai Hirschsprung Simonsen.

“The point is that previously the information security manager was responsible for formulating each individual task in the compliance programme, entering the tasks in the calendar and estimating the annual resource consumption. In neupartOne all this work is done automatically.”

Based on three simple questions

neupartOne is a planning tool for people whose main competences are not necessarily in the field of project management. The tool helps translate something intangible into an operational plan.

The first time you log on to neupartOne, you are asked to answer three simple questions in a wizard:

  • Which security standard(s) do you want to implement?
  • What is your level of ambition with implementation of the standard(s)?
  • What language do you want your neupartOne in?

Based on the answers, neupartOne automatically produces a full project plan covering both implementation and subsequent maintenance of the compliance programme in a single annual plan, which the information security manager can use in the day-to-day work.

“The project plan also serves as documentation and can be shown to the head of department, general management, the executive board, business partners, authorities and others who are interested in knowing how the organisation manages its information security. The level of interest will only grow in the coming years, as information security becomes more and more important in both private and public companies,” Nicolai Hirschsprung Simonsen concludes.

neupartOne is a planning tool that helps implement security standards, document and visualise progress and maintain a compliance programme in a single annual plan for information security.

Topics: Information Security Management, annual plan, compliance programme
