Meycor COBIT CSA (Control Self-Assessment)

The MEYCOR COBIT CSA software was developed by DATASEC and constitutes a unique worldwide tool since it includes, in its current version, international standards such as the COBIT 4.1® Framework standards. This tool has had a constant evolution since its first version six years ago. This development sprung from the incorporation of new elements that enable multiple assessments for different analysis centers or the follow-up of several assessment periods.

This certainly constitutes a distinguishing feature, since MEYCOR COBIT CSA does not only perform a diagnosis of the current situation and issues appropriate recommendations, but also allows for periodical assessments which can be compared against each other to measure the progress made during periods. Our company is always open to suggestions and requests made by our clients, including, to the possible extent, all their requirements into the new versions of the product.

This flow of ideas with our clients gave birth to the concept of incorporating to our MEYCOR COBIT CSA software an audit module (MEYCOR-AUDIT COBIT CSA), whose main purpose is to verify the reliability of the answers provided to the questionnaires. Since all diagnoses and recommendations are based on such answers, this module rounds up the assessment, providing a tool that performs a reliability verification independent from the assessment itself.

This additional module also evolved, incorporating new options that enable the Auditor to access reports generated by MEYCOR COBIT CSA (in a read-only access), expand the basic audit procedures list, analyze the significance of found deviations, and generate reports from Work Papers, Advancement Summaries, etc.

  • Includes a project-focused methodology to guide the Administrator through the different steps of the assessment process.
  • Different access levels for each owner or user can be defined, assigning a login and password that allows selective access for each of the 34 COBIT® processes.
  • Includes two useful routines to ease understanding and induce awareness in Senior Management (extracted from the COBIT® Implementation Tool Set):
    - IT Governance Self-Assessment Checklist.
    - Management's IT Concerns Diagnostics Tool.
    - Automatically generates a ranking of processes according to the results of the aforementioned assessment tools.
  • Includes an Audit Module (MEYCOR-AUDIT COBIT CSA) to review the accuracy of the answers provided by management, owners or users responsible for answering the questions.
  • Allows the user to increase the granularity in the assessment of some of the COBIT® control objectives, allowing to add new controls or to customize existing ones in the Database. This expands the assessment to include other platforms such as Windows® NT/2000, UNIX®, Novell®, AS/400® , ORACLE®, and Internet.
  • Allows management of the internal weighing used by the software for each control objective in order to customize them to the particulars of each organization being considered. As a result of the weighing procedure, a quantitative value for each process can be obtained.
  • Identifies different restriction levels (related to the 5 IT resources) that will hinder the implementation of control objectives unless major changes in approach, investment in infrastructure or in control and security priorities are undertaken by those that establish the organization's policies.
  • Allows the appraisal of implementation costs for each recommendation associated to control objectives, generating a schedule for its implementation along several periods.
  • Enables the analysis of control and security status concerning the corresponding control objectives for specific platforms (Windows® NT/2000, UNIX®, Novell®, AS/400®, ORACLE®, Internet, Dataware Housing, etc.), including additional questionnaires to assess these platforms.
  • Allows the assessment of large corporations with IT resources distributed in different locations by creating several Analysis Centers, being able to consolidate results locally or globally.
  • Enables a periodical review of the decisions attained by Management through comparison of analysis charts obtained during different assessment periods.
  • The MEYCOR-AUDIT COBIT CSA module also includes the COBIT® 3rd Edition Audit Guidelines.

 Features included in MEYCOR COBIT CSA

  • High-level security questionnaires, consisting of the 215 COBIT 4.1® control objectives.
  • Multi-user access and off-line answer synchronization for off-line assessments.
  • Bar and radar charts depicting the status of the 34 COBIT 4.1® IT processes.
  • Detailed reports with recommendations to help in the successful implementation of control objectives where deficiencies were detected.
  • Wholly integrated Microsoft® Word and Excel report interface (generates RTF and XLS documents).
  • On-line help.

The latest version of the MEYCOR-AUDIT COBIT CSA module also includes the COBIT® 3rd Edition Audit Guidelines. In addition to being able to assess security, quality, effectiveness and efficiency issues addressed by the 215 COBIT 4.1® Control Objectives, the MEYCOR COBIT CSA module knowledge database can be expanded (for both questionnaires and recommendations) according to the specific needs of each of the platforms used in the organization (Windows® NT/2000, UNIX®, Novell®, AS/400®, ORACLE®, etc.), or according to other relevant security issues such as access permissions, environmental control, fire & water damage, etc. This narrows the initial diagnosis based on the COBIT® framework, generating analyses and recommendations for each of the existing technologies in the organization.

In short, the MEYCOR COBIT CSA software (which includes both the analysis and recommendations module and the audit module), is a product in constant evolution, adopting and adapting worldly renowned methodologies to its own framework of analyzing, diagnosing and issuing recommendations. In addition to this, the software developers are all specialists in security, quality, effectiveness and efficiency issues, each having the CISA certificate issued by the Information Systems Audit and Control Association (ISACA).

This product is particularly suitable for the implementation of the COBIT® framework in those countries where control, audit and security procedures are not traditionally integrated as in more advanced countries, so that even in adverse conditions COBIT® can be used in any area of the organization, relying only on the awareness level and know-how of the COBIT® framework.

MEYCOR COBIT – Control Self-Assessment is intended for Information Systems Management, Senior Management, Internal or External Audits, Management Consultants, and can even be used in those organizations where there are no Audit Standards or support from any appropriate national regulation, policy or law.

Which strategic questions does it answer?

  • How can I achieve security, quality, efficiency and effectiveness in my Information System by means of a flexible and lasting assessment tool?
  • What is my current security status under different technological platforms such as Windows® NT/2000, UNIX®, Novell®, AS/400® and ORACLE®?
  • How can I improve the security of my Information System?
  • Which built-in or temporary restrictions are to be met?
  • How can I devise a successful security and quality plan that optimizes available resources and renders the implementation of corresponding policies and procedures easier?
  • How can I follow and document every registered advancement made regarding compliance with COBIT 4.1® standards?

About us

Datasec is a corporation with international presence since 1987, pioneer in information technology (IT) security, compliance, assurance and governance.

More >

Contact us