Key Terms and Concepts
Across our platform we use some terminology and concepts you may not be familiar with. Below is a list of some of the most important terms and concepts, together with a brief description.
- Instance: An instance is like your own personal Apomatix website. It has a unique URL (which you have chosen) and stores your data in a dedicated database, separate from other users’.
- Launch Pad: Launch Pad is the section of our platform where you choose which instance you’d like to use. Most organizations will only have one instance, but in certain cases where you’d like the data separated (e.g. an auditor using Apomatix to assess several companies) it will make sense to have several.
- Scope: In information security, a scope is the extent and boundaries of an audit. On our platform, we use the term scope in the same way. In short, it is what you want to assess. It can be anything that makes sense for your organization, however big or small. It could be a geographic location (e.g. UK), a particular office (e.g. London), or a particular function (e.g. Marketing or Sales).
- Framework: A framework is a set of questions you can use to assess your compliance against major legislation (e.g. GDPR) and industry standards (e.g. ISO 27001), or guidance on more specific topics (e.g. network security).
- Risk Control: A risk control is a question within a framework, detailing a particular activity (or series of activities) you must undertake in order to improve your security and/or comply with a given industry standard or legal act.
- Categories: Risk controls are grouped into categories to help streamline your assessment activities. Risk controls in the same category will relate to the same area (e.g. Firewalls or Anti-virus software).
- Risk Score: To help your organization understand the level of risk it faces, each risk control can be individually scored (either by an Assessor or by our Autopilot) on a 1 to 5 scale. On our platform, 1 represents the lowest level of risk (Negligible) and 5 the highest (Critical). The score assigned is based on the extent to which you have implemented the risk control in question (i.e. a score of 5 means your organization has not implemented the control, while a score of 1 means the control has been implemented fully).