Frequently Asked Questions
Click below for responses to frequently asked questions.
A few things.
- From the outset, collaboration has been key, both in the software development and in use.
- Set up colleagues as contributors and invite people on the front line to offer their views on what needs to be done - this spreads the load and increases accuracy
- The application is developed on an ongoing basis with users, CISOs and governance experts
- Process based on audit periods
- Results flow easily from one audit period to another, so ongoing improvement and changes in scope are easily demonstrated.
- Detailed and high-level reports provide the ability to drill down within a few short clicks
- Nothing to install or download
- Cloud hosting means rapid 24-7 browser access
- Security is our first priority, with encryption in transit and at rest.
That's not to mention our radar at-a-glance, data-driven visuals. The application is super easy to use, with no training required and more users than most teams currently need, and its primary timebase is measured in milliseconds, making instant availability a standard. Plus it is super secure.
First and foremost you can kill off all those confusing, clogged up spreadsheets. All the information no longer has to reside on one machine. Information can be shared rapidly and easily, live. Backups are automatic - and live too. Plus your data is not likely to get mangled and 'lost' by VBA. A huge quantity of current and historical information is available at your fingertips.
Set user privileges to reduce risk and distraction by minimising access and delivering only the information colleagues need to get their job done. Very simple. Very powerful. Huge. Privileged access is just one of the key security concepts designed into IT Cyber Audit.
The enterprise version is delivered with more users than most clients think they need. So there's no need to squeeze a small team into a small user group. Most CISO teams are two to four. IT Cyber Audit enterprise is accessible by eight team members. There is a current offer that increases this to ten. Get it while you can.
More user access means you can share information across a management team more easily. This shares responsibility, increases accuracy, reduces time, shares the load and ensures a level of understanding is achieved across the business. In addition, the amount of work required of those who really know the answers is minimised. Overall performance, productivity and threat mitigation increase.
Each team member receives a printed copy of the Enterprise Security Administration (ESA) Newsletter. The newsletter contains a round-up of the three most noteworthy security news stories with commentary, a focus on one of the OWASP topics, a review of one of the core IT Cyber Audit features, plus a little bit of CISO humour for good measure.
Good question. The application has been about two years in development, and development seems to be continuous: there is always more to do, and there are more refinements planned. Right now NIST 800-43 and ISO 27001 are ready. IASME controls are still to be uploaded, and that does not impede NIST or ISO 27001. Hoorah!
There is nothing to download. IT Cyber Audit is 100% an online application delivered through a secure browser. It works amazingly fast through the Chrome browser.
As many colleagues as you want, there is no limit. Our servers scale up and down seamlessly according to load requirements 24-7.
No. Once you are signed in there are just three steps to get started. 1st: set the standard you want to use. 2nd: set an audit date in the Calendar. 3rd: select the Audit menu and choose security control or Asset. Once set up, the application is very straightforward to use, with a very clear and simple menu system. The main menu has four options: Audit, Calendar, Team and Reports. Contextual submenus appear and change dynamically to reveal more options and also serve to make it clear where you are.
If I use the software to send an information request, does the person I make a request to require training?
No. They are sent a link; they simply confirm their registration and are then taken to an exclusive form for them to complete. It is clear and obvious, with your contact information, so they can verify the request with you if they need to.
Potentially, yes. We employ dedicated cloud hardware and software to secure and protect data collected where security is our first priority.
In the main, the data stored concerns estimates against standard security controls.
You should never store sensitive data such as passwords or key information within our system. Please use obfuscation techniques in areas that are particularly sensitive. For instance, never store server names. Always create a lookup table or use code words you agree on and can communicate among those who need to know. These issues apply broadly to whatever medium you use. Everyone always needs to take care.
Yes. Your branding can be easily applied. Also if you provide CISO services you can include your company branding and client branding. See the example for Ernst & Young / NHS.
There are three branding opportunities a) on screen within the client center. b) on reports produced (as per example provided) and c) on the front page of the newsletter, with a custom monthly introduction (200 words).
If you are interested in partner opportunities please open an account from the home page and we will be in contact.
Yes, many of the features are included as a result of collaboration, consultation and feedback. The software was developed through conversations with actual users, such as CISOs, governance experts and administrators, which oddly is unusual. There are new and more features planned to be added as a result of ongoing feedback.
It appears there are always going to be further configuration options to add, to ensure the application really works well and is configurable for your business. You will get to love the simple to use dashboard.
Yes, there is, and we know what you mean by annoying. If you turn everything on and have a lot of users, some systems annoyingly ping all day. The basic level of alerts is a visual onscreen column with no 'ping' (alerts also do not print when you print reports). The alerts are listed in date or creation / arrival order and the list is automatically updated.
A browser level counter may be added so you can see the count in the browser without the need to load the page. In addition text messages may be configured and optionally triggered so that when certain audits are received the audits you nominate trigger the alert. Text alerts can be an important way to thank team members for their input immediately upon receipt. Particularly valuable for recognition and appreciating others.
The application is only available to newsletter subscribers; it is a legal requirement that the newsletter is delivered in print. The newsletter is published monthly and sent by post. It can be co-branded and contains the name of the CISO who manages the process. Carrying branded references and naming the publisher adds weight and helps to ensure contents are recognised and read: additional great reasons why the newsletter is delivered by post and presented in print.
Every newsletter is themed*. The newsletter contains a round-up of the top three security stories for the month. It contains a deep dive on one of the biggest threats as listed on OWASP and it contains a little bit of CISO humour.
The objective is to spread the awareness of our shared security objectives and issues to help the wider team to become more capable and aware of security in their part of the business.
* Theme. The first two hundred words of the newsletter may be written by you in order to customise the communication to match a theme or promotion that is relevant to your business every month.
Yes it is. Aldwych Factors Ltd is a current BSI Subscribing Member. Membership number: 47748643. Membership is valued and enables us to have direct access to and to stay up to date with the latest and most current standards.