The Need
The purpose of the system is to reduce a time consuming in-person interview process. This will allow client to accomplish get results quicker during an assessment process, more thoroughly analyze the data, reduce paper waste and provide more consistent and complete documentation. The client also benefits from this application by allowing them to participate in the assessment process while lessening the impact of their busy work schedules.
The Product Overview
The application is to be a secure web-based questionnaire and reporting system. By answering the questions, users of an organization will be identifying their current security posture and establishing a security baseline to measure progress over time. The user will be required to select checkboxes that indicate the level of compliance within their organization to each specific question. The questions are to be based on industry standards used in information security, specifically NIST SP 800-26, ISO 17799/BS 7799, SOX, and HIPPA. The questionnaire will be divided into multiple sections covering the control topics prescribed in these industry standards.