Establishing a GRC program with Keylight Platform
LockPath released Keylight Platform 2.3 which gives users the ability to upload data files (.xls and .csv) and import them directly into DCF tables.
In addition, Threat Manager now displays vulnerability scan reports within a DCF table, allowing users to assign vulnerability tasks and track remediation items via workflow.
Threat Manager now also dynamically pulls in the latest vulnerability results from the Qualys Detection API on a scheduled interval, providing differential imports, de-duplicating vulnerability data and reducing import processing time and bandwidth requirements.
“LockPath has developed a next generation GRC platform, and the seamless integration with the QualysGuard cloud platform will streamline the tedious process of collecting and presenting security and compliance data for IT-GRC,” said Philippe Courtot, chairman and CEO of Qualys.
Other enhancements in Keylight 2.3 include:
Reporting and dashboards: Users can now generate detailed reports to display the mapping relationships between controls and business units, controls and Compliance Documents, Authority Documents and business units, and Authority Documents and citations. There is also a new system dashboard report portlet, which displays a pie chart of the percentage of controls that are currently mapped to a Compliance Document versus controls that are not mapped.
Keylight compliance manager: In addition to more easily mapping controls and audit items to citations, users can now select an Authority Document Issuer when creating a new Authority Document and run reports filtered by those issuers. Managing assessments is also easier now, as users can copy an assessment template and view assessment questions linked to controls. Version 2.3 also offers the option for point- and percentage-based assessment scoring labels when creating the template, and users can report on assessment score labels.
Email templates: Users can now access and customize email templates for awareness events and vendor contact account alerts.