We're excited to introduce a completely redesigned version of the Security base module on Tenacy! 🤩
At the heart of our platform, this module is essential for managing your security measures and ensuring your cyber compliance.
These measures could be the softwares, processes, and teams that help secure your organization. They support you in meeting the requirements of your security policies and addressing your risks. With this update, we're offering a smoother, more intuitive, and even more powerful experience to manage your cybersecurity challenges.
💡 What’s new in this version
✔️ Simplified navigation – designed to guide you more effectively and make adoption easier.
✔️ A more intuitive interface – redesigned to reduce complexity and help you gain greater autonomy.
✔️ A centralized view – all your security measures in one place, for better visibility and oversight.
✔️ Clearer terminology – updated language aligned with your everyday practices.
✔️ Smoother actions – add, edit, and track your measures and controls in just a few clicks.
⚪ Security Measure Statuses
▫️ To be handled – These are the security measures expected within your perimeter according to your compliance policy, but which have not yet been implemented.
🔸 Not implemented – Measures you have chosen not to implement for specific reasons (non-applicability, prioritization, etc.), or those currently being implemented but not yet completed.
🔹 Implemented – Measures that are active and in place within your perimeter. There are two cases, distinguished by color for clarity:
🟩 The measure is implemented within your perimeter, and you are responsible for it. You can also share it with other perimeters by adding them as beneficiaries.
🟦 The measure is implemented by another perimeter, but you benefit from it. For example, a measure deployed at the group or IT level that you apply locally.
🔎 Explore your existing measures
View and edit beneficiary perimeters – Identify who benefits from the measure, and add others if needed.
Check the efficiency of the measure – Track its implementation level and its impact on your compliance.
Add and view related actions – Plan improvement actions and monitor their progress.
Add and review recurring controls – Set up recurring tasks and indicators to ensure regular monitoring of the measure.
✔️ How to implement a new measure from your security base?
There are two possible scenarios depending on the current status of the measure within your perimeter:
▫️ The measure already exists (fully or partially) in my organization
In this case, go to the list of “To be handled” measures, then:
Click on the concerned measure
Choose to implement it directly
👉 It will then change to the “Implemented” status, and you’ll be able to define its perimeter of application, add controls, and more.
▫️ The measure doesn’t yet exist in my organization, but I want to implement it
If the measure is not yet present in your perimeter, but you plan to implement it later on:
Click on the concerned measure
Define it as “Not implemented”
Add an implementation action
💡 It’s up to you!
Previously, an implementation action (
) was created automatically whenever a measure was marked as “in implementation”().
But thanks to your feedback, you now decide:
Create an action if you plan to implement the measure
Or wait, if it’s not planned in the short term
👉 This helps avoid cluttering your action plan
👉 Once the action is completed, you can update the measure’s status to “Implemented”
➕ Add an improvement action to an implemented measure
❓Why add an improvement action?
Adding an improvement action means the measure is not currently operating at 100% efficiency. This highlights the need for improvement and enables you to take concrete action.
🧠 For example:
You have a measure called “Workstation malware protection” with an efficiency score of 100.
But you realize that the antivirus is no longer up to date.
You then add an action: “Update the antivirus”, marked with a major impact.
➡️ Result: The measure’s efficiency automatically drops from 100 to 50.
Once the action is completed, the efficiency can return to 100.
To add an improvement action to a measure:
Click on the implemented measure you want to improve.
In the measure’s detail page, go to the “Efficiency” section, then click “Add improvement action.”
Describe the action to be taken and select its impact level: neutral, minor, or major.
Choose the action plan where you want this action to be added.
Optionally, assign the person or group responsible for carrying out the action.
➕ Add recurring controls to an implemented measure
❓Why add a control to my security measure?
Having a measure in place isn't enough to guarantee its efficiency.
Without recurrent controls, it's difficult to demonstrate that it continues to function properly over time.
To properly assess its performance, you should link the measure with:
At least one recurring task (e.g., checks, audits, updates),
Or at least one performance indicator (e.g., onboarding awareness rate, continuity test success rate)
To add a recurring control to a measure:
Click on the implemented measure you want to monitor.
In the measure’s detail page, go to the “Proofs” section, then click “Add control.”
Tenacy will suggest recurring tasks or indicators to help you monitor the measure effectively.
Optionally, assign the control to a person or a team.
Choose the register where you want to save it (for recurring tasks).
⚠️ Not all suggested controls need to be implemented to ensure the performance of a measure.
Avoid adding controls that you won’t be able to carry out or maintain over time.
If expected results are not submitted regularly, it will negatively impact the performance score of your measure.