Baseline
Baseline is an analytical tool for assessing the organisation’s status within topics such as IT security, information security and GDPR. Baseline was developed in Denmark, with a focus on laws and recognized standards.
The tool is accessed in I-Trust’s SaaS platform, enablor, and allows for reporting tools, with an easy-to-understand and clear overview of the areas of action that require attention. Baseline is based on survey measurements and benchmark data, where the output gives the user a clarification of the organisation’s gaps and vulnerabilities.
Baseline is based on the model from the acknowledged Carnegie Mellon’s IDEAL, which has proven to be valuable in large national and international projects for the participating companies and organizations. Baseline has been in use by alle municipalities in Denmark since 2016.
Baseline is set with legal and standard frameworks:
- GDPR
- ISO 27001-2 – Information security
- Cyber Security
- ISO 9001 – quality management system
- ISO 20000-1 – Certifikation for IT services
Benefits for the organization:
- The organization, including management, has direct access to targeted information about their safety assessment and development
- Gap analysis of vulnerabilities and posibility for targeted initiatives
- Access to benchmark data
- Option to follow the development of the initiatives through repeated security measures.
- A userfriendly centralized tool and a report center that is easy to use.
Examples of the use of Baseline:
- Businesses’ assessment of their own IT security performance against standards and laws
- Groups’ assessment of subsidiaries’ compliance efforts
- Companies’ ability to comply with the General Data Protection Regulation
- Audits of business partners, including suppliers, customers and external data processors
- Interest groups for joint efforts of member companies
The company can access its own data through:
- Business Intelligence tool
- Onepager reports
- Management reports
- Common benchmark
- Analysis of data via Baseline and/or by export of data
