How It Works

Comprehensive Information Security Program Management without the Guesswork.

Research shows CISOs are often hampered by inadequate strategy, lack of resources, effective KPI’s to communicate performance, and executive trust. These management challenges are solved with a MAPP—a Maturity Assessment, Profile and Plan focused on strengthening process maturity. Now assisted with a groundbreaking SaaS called TrustMAPP℠, the MAPP approach is a repeatable, reliable, and proven security management process that saves time and prioritizes investments.

TrustMAPP Delivers a Repeatable Security Program Management lifecycle in 3 Steps:


Assess – Processes derived from regulatory requirements and industry frameworks are measured using six maturity attributes (Awareness, Policy/Procedure, Automation, Expertise, Accountability and Measurability) and each attribute is scored on a maturity scale of one through five. This measurement is rapid and repeatable using pre-built assessment templates configured to the NIST Cyber Security Framework and ISO27001, as well as industry-specific regulations such as GLBA, HIPAA, PCI DSS, GLBA, FFIEC, and SOX. The assessment templates aggregate duplicative controls to common processes. Where most teams manage hundreds of controls with TrustMAPP these are mapped to a set of between 10 to 40 processes.


icon-profile-resultsProfile – Each business process maturity is scored using six dimensions of maturity adopted from COBIT: awareness, policy and procedures, automation, expertise, accountability, and measurability. Multiple streams of assessment data is transformed into meaningful visual summaries of security status and investment needs for effective communication with executives and boards. Perform trending analysis and see process improvements over time to represent ROI with executive stakeholders.


Picon-plan-objectiveslan – Pre-populated recommendations for information security improvements are prioritized by highest business impact and delivered with resource hours and capital cost estimates—forming the foundation for strategic plans and budgets that advance maturity goals and improve cyber security posture. TrustMAPP empowers leadership with a clear picture of the organization’s cybersecurity posture, including trending analysis, planning and budgeting, and built-in support for multiple frameworks.


Try TrustMAPP now. To learn how to implement the MAPP approach, download our free white paper.