
Your step-by-step guide to information security in Cerivo

Follow a structured approach to build, run, and maintain your information security program.

Introduction

Cerivo supports a structured approach to information security, built on best practices and the Plan–Do–Check–Act principle.

This guide outlines the key steps to help you establish and maintain a clear, reliable program.


Build your foundation

First, build a solid foundation for working with information security in Cerivo.

1. Set up your Cerivo workspace

Start by preparing your foundation:

  • Create your Cerivo account
  • Invite relevant users
  • Complete your company information

This ensures your setup is accurate and ready to support your work.

2. Map your systems

Document the systems your organization uses.

This gives you visibility into where data is handled and helps you manage system-level risks.

Learn more about mapping your systems.

3. Map your vendors

Add your vendors, including data processors.

This helps you understand and manage risks across your supply chain.

Learn more about mapping your vendors.

4. Identify supply chains and criticality

Build a clearer picture of your dependencies:

  • Link sub-vendors to systems and vendors
  • Assess the criticality of each system

This helps you prioritize where to focus your efforts.


Run your program

Once your foundation is in place, you can begin managing your program.

5. Perform risk assessments

Identify and assess risks based on real threats.

This helps you understand where action is needed and supports informed decision-making.

Read all about working with risk assessments in Cerivo.

6. Set up your control framework

Choose and implement the frameworks relevant to your organization, such as:

  • ISO 27001 / 27002
  • NIS2
  • CIS 18
  • ISAE 3000

Cerivo supports multiple frameworks and allows you to map controls across them.

You can also create custom controls to reflect your own approach.

7. Manage vendors and audits

Review and audit your vendors regularly.

This ensures your supply chain meets your security and compliance requirements.

Read about vendor audits in Cerivo.

8. Handle security incidents

Use the Security Incidents module to log, track, and respond to incidents.

This helps you identify patterns and strengthen your response over time.


Maintain and improve

Information security is an ongoing process.

Build awareness

  • Distribute and track policies
  • Ensure users understand their responsibilities

Read about sending policies from Cerivo.

Create a structured task cycle

Use tasks to build your annual cycle of work:

  • Set up recurring tasks
  • Plan internal audits
  • Document ongoing activities automatically

This creates a consistent and reliable way of working.


A continuous approach

Information security improves over time through regular review and adjustment.

By combining structure, visibility, and clear responsibility, you can maintain a program that adapts as your organization evolves.

 

Any questions? Contact us at support@cerivo.com!