PDF Exports

Gridiron Compliance OS provides several types of exports for you to distribute your Security Management Program (or “ISMS”) internally or externally to auditors, customers, or prospects.

You can request an export through through the app by clicking the Export button in the Revision History or Program tab, which will respectively provide you with an export of a Revision or Approval.

Note

Exports take a bit of time to generate. You will notified by email as soon as your export is ready.

Export Types

Entire ISMS Export

Contents

This export is a ZIP archive that includes:

  • One PDF for each document in your ISMS. Those files are smaller and easier to navigate.
  • One PDF that includes all the documents in your ISMS. This file might be easier to share externally.
  • An Error Report.

Audience

We recommend using the Entire ISMS Export internally to distribute your ISMS in cases where you cannot grant users direct access to Gridiron Compliance OS.

You might also want to share this report externally if you’re explicitly asked for your ISMS Manual.

Gap Assessment Export

Contents

The Gap Assessment is a ZIP archive that includes:

  • One PDF for each of the Protocols you have subscribed to. This document breaks down your Policies in terms of the Protocol’s Controls. Relevant Procedures (i.e. those that map to a Policy that appears in the export) are also included.
  • An Error Report.

Warning

The Gap Assessment does not include:

  • Policies you have not authored yet.
  • Procedures you have not authored or implemented yet.

Instead, your Gap Assessment will indicate “Policies Pending” or “Procedures Pending” when a missing statement is found. The Error Report will list all of those.

Note

The Gap Assessment is conceptually similar to the Assessors you have access to in the web app: they both show the same breakdown of Policies and Procedures by Protocol Controls.

Audience

We recommend sharing a Gap Assessment externally when you’re asked about your ISMS.

Tip

Before sharing a Gap Assessment externally, we strongly encourage you to review its Error Report!

Customers and Prospects

When interacting with prospects and customers, you might want to share your Gap Assessment proactively to demonstrate your good security practices.

Auditors

When undergoing an audit, sharing your Gap Assessment is the ideal way to give your auditor a roadmap to your ISMS.

Indeed, your auditor will be familiar with the Controls required by the Protocol they’re auditing you for, but they will not be familiar with your ISMS structure.

Sharing a Gap Assessment solves this problem by providing your auditor with a convenient breakdown of your ISMS in terms of the Protocol Controls they are familiar with.

Tip

This format is also known as an “ISMS Manual”. It’s fairly common and appreciated in audits for its convenience.

Error Reports

Exports contain error reports to warn you about errors such as placeholders or unmapped controls that appear in your export.

While those errors do not prevent the generation of an export, we encourage you to review them before distributing an export.

You can open the error report with any text editor, such as TextEdit on Mac, Notepad on Windows, or Gedit on Linux.