MAPP (Maturity Assessment, Profile, Plan)

Measure, Communicate and Manage Your Security Program.
Origins of the Information Security MAPP

During 10 years of consulting Fortune 1000 clients, Secure Digital Solutions (SDS) has pioneered a rigorous methodology for assessing information security programs and recommending improvements based on the COBIT maturity model. We call this methodology an information security Maturity Assessment, Profile, and Plan (MAPP). MAPP was developed in response to a CIO who asked SDS to provide a “clear, quick picture” of his organization’s security status and three-year strategic plan. Consultants at SDS were challenged to provide a concise, visual representation of that status, with additional supporting detail. The MAPP outcome was presented to the CIO and, within 10 minutes, the client completely understood their security posture and the resources required to make improvements.

Automating MAPP

After refining the MAPP approach during hundreds of real-world engagements, we took the next innovative step: automating the process so it would become more rapid, repeatable and actionable, and closing the significant communication gap that exists between CISOs and other business leaders. The resulting platform is TrustMAPP℠, introduced in 2015, with an enhanced 2.0 version released in early 2016.

TrustMAPP℠: “Light-years ahead”

TrustMAPP is among the first instruments to assist with governance and management of information security, privacy, and compliance programs based on the highly regarded COBIT maturity model coupled with industry frameworks and regulations. Ranked “light years” ahead by industry observers, TrustMAPP makes the CISO’s job easier, yet more strategic.

SDS uses TrustMAPP in all its consulting engagements to build a comprehensive Maturity Assessment, Profile and Plan (MAPP) for organizations. TrustMAPP is also available for license as an information security management system (ISMS), putting the methodology of SDS consultants into the hands of internal security officers.

Beyond a dashboard or GRC tool: An instrument for continuous improvement


Some term TrustMAPP an “information security dashboard,” but it’s much more. It’s an advanced, intuitive platform for building continuous quality improvement into information security, privacy, and compliance programs. Configured with widely used NIST, ISO, and SANS control frameworks, which can be combined with industry-specific regulations, TrustMAPP’s survey templates rapidly measure the maturity of key business processes across complex enterprises, using COBIT standards.

A powerful analytics engine converts the data into recommended improvements, complete with capital costs and effort. TrustMAPP helps CISOs develop precise plans and budgets, and clearly reports the status of information security programs to executives and the Board of Directors.

With TrustMAPP, information security officers can conduct continuous risk management, unite stakeholders around a clear Maturity Assessment, Profile and Plan (MAPP), and align information security with corporate business objectives.

