Metrics

What are Metrics?

Metrics is a customisable feature that can be enabled upon request for the Enterprise Risk Management and Information Security modules. Metrics was created to work with section 9.1 within the ISO27001 Standard. It allows you to monitor certain areas around a control or risk guiding the assessment of a control maturity, risk evaluation or treatment plan.

Metrics has its own report or the details of a metric, if linked to a control or risk will show in the risk register report.

Creating a Metric

When metrics is turned on it will be available from the 'Organisation' dropdown listed under 'Organisation Setup' and 'Assets'. The metric can be assigned to a specific division if required and an owner nominated to ensure accountable updates.

Metric Configuration allows you to decide to set boundaries or comparison values.
Boundaries allow you to select multiple levels varying in value (standard numbers or percentage) Comparison is a 'success' or 'failure' indication using standard numbering or percentage.

A time frame can be set in which the metric should be updated, the frequency will result in notifications being emailed to the owner to prompt updates.