Provide Object Data in Table Management
Limited sample data is included with Cherwell ISMS as an example only. Users must provide their own values to existing Lookup Tables.
Data can be added, edited, and customized through Table Management. Additionally, .csv files can be used to upload data to the tables.
New Business Object values display in the Table Management interface. Use the Type drop-down list to switch between ISMS Lookup Objects.
ISMS Control Group Object
Create Control Groups that align with current industry standards such as FedRAMP:2014, ISO 27001:2013, and ISO 9001:2015. Specified Controls are later added to each Control Group. XXX Control Group is now a Lookup Table object, and populating this table is optional. You can use this to help group your controls for organizational purposes. This table is populated with a few examples from HIPAA and ISO 27001.
To provide Object data for the ISMS Control Group Object:
- On the CSM Desktop Client or Browser Client menu bar, select Tools > Table Management.
- In the Type drop-down list, select ISMS Control Group.
- Create a new Control Group or edit an existing Control Group.
Create a new Control Group:
- Right-click and select New.
- Provide a name for the control group. This can be the same as the name of one of the Authority Documents (example: ISO 27001:2013).
- (Optional) Provide a control group number.
- Provide a control group name.
- Edit an existing Control Group:
- Double-click any example control.
- Edit desired fields, and then select the Save button.
ISMS Risk Mitigation Questions Object
You must create Questions and assign Risk Values, Question Weight, and Question Sequence to use the Risk Assessment form. ISMS Risk Mitigation Questions and Threat Analysis Questions populate the Risk Assessment. It is recommended to align Risk Assessment Questions with current industry standards such as FedRAMP:2014, ISO 27001:2013, or ISO 9001:2015.
To provide Object data for the ISMS Risk Mitigation Questions Object:
- On the CSM Desktop Client or Browser Client menu bar, select Tools > Table Management.
- In the Type drop-down list, select ISMS Risk Mitigation Questions.
- Create a new Risk Mitigation Question or edit an existing question.
Create a new Risk Mitigation Question:
- Right-click and select New.
- Provide an industry standard question title and question details.
- Specify the question type.
- Provide a numeric risk value and sequence number based on industry standards.
- Select a value from the ISMS Risk Assessment Type drop-down list.
- Edit an example question:
- Double-click any example risk mitigation question.
- Edit desired fields, and then select the Save button.
- Repeat steps 1-4 above for ISMS Threat Analysis Questions.