ABSTRACT

This chapter provides an approach, based on various metrics and indicators, to reporting and oversight intended for management and boards of directors. The purpose of reporting and oversight is to provide governing bodies with all the relevant information they need to judge the state of security at a particular point in time, and to provide guidance. The information produced as part of reporting and oversight activities is sometimes called strategic indicators. Reporting for oversight or program adaptation purposes can be done with a simplified presentation of the state of risks. Reviewing these projects or priorities should be part of reporting and oversight, since it is the responsibility of other forums or committees. Through its program, security achieves the following objectives: the deployment of strategic initiatives, risk mitigation, improvement of the posture of the protection system, reinforcement of compliance, and the implementation of corrective measures requested by audits.