Feature/Functionality

ASCENT

Standard

ASCENT

Professional

ASCENT

Enterprise

DAILY WELCOME PAGE

  • Dashboard: Displays Controls in Place, Controls Not in Place, Overdue Controls, and Upcoming Controls.

  • All Overdues Tasks: Show all overdues tasks for the organization.  Views include showing tasks due today, tasks due in the next 2 days, and tasks due within the next 5 days.

  • My Overdue Tasks:  Shows overdue tasks assigned to the user logged into the Portal.  Views include showing tasks due today, tasks due in the next 2 days, and tasks due within the next 5 days.

  • Reference Library:  Contains reference materials related to the ASCENT Portal.

  • Release Notes:  Contains release note related to recent releases and the improvements made to the ASCENT Portal.

  • News:  Contains the latest news related to the world of Security and Compliance.

Included

Included

Included

Included

Included

Included

Included

Included

Included

Included

Included

Included

Included

Included

Included

Included

Included

Included

ASSESSMENT AND COMPLIANCE

  • Dashboard:  Shows Overall Risk Score, Monthly Score Trend, Control Status Breakdown, and individual Control Family Score.

  • Evergreen Assessment Questionnaire:  Contain the assessment questions divided into 14 control family.  Dashboard show the assessment questionnaire completion status.
     

  • Security Compliance Calendar:  Monthly, weekly, or daily view into recurring control status.  

  • Control Library:  Contains every completed control that requires evidentiary support.  Artifacts can be exported to demonstrate compliance.

Included

Included

Included

Included

Included

Included

Included

Included

Included

Included

Included

Included

GOVERNANCE

  • Policies:  14 policy baselines are provided for editing and branding by your organization.  Policies are stored within the Portal and available to all authorized users.
     

  • Standards:  14 standard baselines to support policy implementation within your organization.  Standards are stored within the Portal and available to all authorized users.
     

  • Plans and Procedures:  An Incident Response Plan baseline is provided for editing and branding by your organization.  Any organizational plans and procedures can also be stored within this area.  The Incident Response Plan and organizational documents are stored within the Portal and available to all authorized users.

Included

Included

Included

Included

Included

Included

Included

Included

Included

  • Incident Response:  This functionality enables your organization to log and track all incident entirely within the Portal.  Incident completion is tracked for every active incident.  All functionality contained within the Incident Response Plan is included in this automated tracking and reporting function.

  • Exception Management:  This section contains an Exception Management Procedure and Exception Request form to request and manage exception to policy controls.  All artifacts can be stored within this area of the Portal.

Not Included

Included

Included

Not Included

Included

Included

BUSINESS CONTINUITY

  • Business Continuity Strategic Plan:  A baseline strategic plan for how your organization manages business continuity.  The plan can be modified and branded to fit your organization.  The plan stored within the Portal will be available to all authorized users.
     

  • BC/DR Plans:  A BC/DR Plan template is provided to your organization for completion and branding.  Once complete, the BC/DR Plan will be stored on the Portal and made available to all authorized users.
     

  • Call Trees:  A call tree template is provided for your organization to complete and make available for all authorized users for use during testing scenarios and disruptive events.
     

  • Test Scripts:  A BC/DR test script template is provided for your organization to complete and make available for all authorized users to support BC/DR testing that should occur annually.  
     

  • Test Reports:  A BC/DR Test Report template is provided for your organization to use during testing scenarios.  Once complete and posted after testing, the test reports will be made available to all authorized users for reference and evidence support.
     

  • Event Reports:  A BC/DR Event Report template is provided for your organization to document actual responses to BC/DR events.  Once complete and posted after testing, the test reports will be made available to all authorized users for reference and evidence support.

Not Included

Included

Included

Not Included

Included

Included

Not Included

Included

Included

Not Included

Included

Included

Not Included

Included

Included

Not Included

Included

Included

CYBERSECURITY

  • Cybersecurity Monitoring Plan:  A monitoring plan template is provided to your organization for editing and branding to capture what cybersecurity monitoring is being performed and who is accountable for cybersecurity monitoring.  This Plan is available to all authorized users for reference and modifications.
     

  • Network Diagrams:  This repository is provided to store network diagrams for authorized users to reference and keep diagrams current.
     

  • Risk & Vulnerability Register:  This repository is provided to organize and store risks and vulnerability that are important to your organization.  This area is available to authorized users for reference and remediation.
     

  • Cybersecurity Reporting:  The centralized repository is made available to store your organizations standard report received from antivirus protection, firewalls, intrusion prevention tools, or other reports that you wish to keep for future reference and trending.

Included

Included

Included

Included

VENDOR MANAGEMENT

Not Included

Not Included

Not Included

Not Included

Not Included

Not Included

Not Included

Not Included

  • Add New Vendor:  You can add an unlimited number of vendors to the Portal for tracking and artifact retention.

  • Vendor List:  Once added, Vendors are displayed in the Vendor List and the following folders for each are created:

    • Contracts:  Store current and historical contracts.

    • Preliminary Assessments:  A preliminary assessment template is provided to assess risk for each vendor.  Once complete, the preliminary assessments can be stored within the portal for reference and/or action by authorized users.

    • Due Diligence Questionnaires:  A due diligence assessment template is provided to assess risk for each vendor.  Once complete, the due diligence questionnaire can be stored within the portal for reference and/or action by authorized users.

  • Reference Library:  This repository enables you to store any appropriate vendor due diligence materials for reference by all authorized users.

Not Included

Not

Included

Included

Not Included

Not

Included

Included

Not Included

Not

Included

Included

Not Included

Not

Included

Included

Not Included

Not

Included

Included

Not Included

Not

Included

Included

AUDIT MANAGEMENT

  • Exam List:  This repository enables your organization to track past, present, and future exams and audits for the organization.
     

  • Exam List – ERL:  The repository enables you to store Evidence Request Lists (ERLs) from past, present, and future exams and audits.
     

  • Exam List – Artifacts:  The repository enables you to store artifacts provided to support past, present, and future exams and audits.
     

  • Exam List – Reports:  The repository enables you to store reports from past, present, and future exams and audits.

Not Included

Not

Included

Included

Not Included

Not

Included

Included

Not Included

Not

Included

Included

Not Included

Not

Included

Included

TRAINING

  • Training Procedure:  A Security Awareness Training Procedure template is provided to you for editing and branding.  Completed procedures can be stored within this area for continually reference and updates.
     

  • Training Reports:  This repository is provided to your organization to store past, present, and future training reports, regardless of who performed them.
     

  • All Employee Training:  A subset of training reports.
     

  • New Hire Training:  A subset of training reports.
     

  • Role-Base Training:  A subset of training reports.

Not Included

Not Included

Included

Not Included

Not Included

Included

Not Included

Not Included

Included

Not Included

Not Included

Included

Not Included

Not Included

Included

REPORTS

Not Included

Included

Included

  • Complete Risk Report:  You can generate a complete risk report any time for the organization.  This Portal functionality also enables all past, present and future reports to be kept for future reference and trending.
     

  • Metrics:  This repository provides a place for you to store all metrics your organization captures for centralized availability and tracking.
     

  • Status Reports:  Weekly status reports are delivered for the ASCENT Security Compliance Portal and will be stored in this area of the Portal.  Additionally, any authorized user can generate an ad-hoc report at any time and store those reports here as well.

  • Pre-Certification Reports:  ASCENT provides the ability to complete a pre-assessment of over 40 control frameworks (i.e., ISO 27001/27002, NIST, HIPAA, PCI-DSS, FFIEC, etc.)  All pre-certification report will be stored in this area of the Portal and made available for reference to authorized users.

Included

Included

Included

Included

Included

Included

Included

Included

Included