How It Works

Comprehensive Information Security Program Management without the Guesswork.

Research shows CISOs are often hampered by inadequate strategy and by a lack of resources, of effective KPIs to communicate performance, and of executive trust. These management challenges are solved with a MAPP (a Maturity Assessment, Profile and Plan) focused on strengthening cyber security program performance. Now assisted by a groundbreaking SaaS platform titled TrustMAPP℠, the MAPP approach is a repeatable, reliable, and proven security management platform that saves up to 70% of time while prioritizing resource teams and capital investments. Through qualitative assessments and the available integration of quantitative data from GRC tools, Vulnerability Management Systems and Service Desk platforms, TrustMAPP delivers a governance and strategy solution.

TrustMAPP Delivers a Repeatable Security Program Management Lifecycle in 3 Steps:


Assess – Processes derived from regulatory controls and industry frameworks are measured using six maturity attributes (Awareness, Policy/Procedure, Automation, Expertise, Accountability and Measurability), and each attribute is scored on a CMMI maturity scale of one through five. This measurement is rapid and repeatable using pre-built assessment templates configured to the NIST Cyber Security Framework, NIST 800-53v4, ISO27001, ISO27002, as well as industry-specific regulations such as HIPAA, PCI DSS, FFIEC CAT, GDPR and others. The assessment templates aggregate duplicative controls mapped to common processes. Where most teams have to manage, and struggle to communicate, the performance of hundreds of controls, with TrustMAPP this management and performance scope is typically reduced to a set of 20 to 40 processes. Take your cybersecurity performance to the next level by bringing data feeds into TrustMAPP from your GRC, service desk and vulnerability management platforms.


Profile – The maturity of each business process is scored using six dimensions of maturity: awareness, policy and procedures, automation, expertise, accountability, and measurability. Multiple streams of assessment data (both qualitative and quantitative are available) are transformed into meaningful visual summaries of security status using TrustMAPP’s pre-built analytics, proven by industry-leading customers. Using the templates available to measure your program, you’ll also have access to pre-loaded improvement guidance based on established maturity performance goals and on estimated level of effort and capital investment scaled to your company size. Customers perform trending analysis and see process improvements over time to represent ROI with executive stakeholders. The power of security program baselines and continual improvement is now at your fingertips by leveraging TrustMAPP’s continual improvement task interface and Gantt chart capability to capture improvements or regression of performance from departments outside of information security.


Plan – Pre-populated recommendations for information security improvements are prioritized by highest business impact and delivered with resource hours and capital cost estimates, forming the foundation for strategic plans and budgets that advance cybersecurity maturity goals and improve cyber risk posture. You will have the ability to incorporate risks and associate those risks with your process maturity to finally provide a complete performance management story to executive leadership. TrustMAPP rapidly provides teams with a clear graphical representation, supported by a numerical formula, of the organization’s cybersecurity performance, including trending analysis, planning and budgeting, and built-in support for multiple frameworks and regulations.


Try TrustMAPP now. To learn how to implement the MAPP approach, download our free white paper.