The Need

The purpose of the system is to reduce a time-consuming in-person interview process. This will allow the client to get results quicker during an assessment process, analyze the data more thoroughly, reduce paper waste and provide more consistent and complete documentation. The application also benefits the client by allowing them to participate in the assessment process while lessening the impact on their busy work schedules.

The Product Overview

The application is to be a secure web-based questionnaire and reporting system. By answering the questions, users of an organization will be identifying their current security posture and establishing a security baseline to measure progress over time. The user will be required to select checkboxes that indicate their organization's level of compliance for each specific question. The questions are to be based on industry standards used in information security, specifically NIST SP 800-26, ISO 17799/BS 7799, SOX, and HIPAA. The questionnaire will be divided into multiple sections covering the control topics prescribed in these industry standards.

Features & Benefits
  • Administration interface for application configuration and user administration
  • Secure identification and authentication of web credentials to log in to the application (administrators/users)
  • Admin tools for administrative tasks
  • Fast and efficient retrieval of relevant information
  • Ability to export and import project data from the database (would allow for industry trending analysis by the client)
  • The questionnaire is made up of modules for each standard (NIST, ISO, SOX, HIPAA, etc.)
  • Mechanism for question reuse: for example, if a question applies to both NIST and ISO, it could be defined to appear in either module
  • Questionnaire module architecture allows for dynamic creation and customization.
  • Each question has a mathematical equation that determines its score
  • Computation of section score based on all questions in the section.
  • Reporting functionality