Record of Processing Activities
Transfer Impact Assessment
Privacy Impact Assessment
Cybersecurity Controls
Cybersecurity Risk Management
Interactive Awareness ProgramPlatform Modules
Cybersecurity Management System (CSC) — Docs
Manage cybersecurity controls and GAP analysis across multiple frameworks in Unicis Platform.
The Cybersecurity Management System (CSC) module provides a comprehensive set of baseline security controls to safeguard against cyber threats. It supports multiple compliance frameworks, enabling organizations to assess their security posture, track control implementation, and perform GAP analysis.
Supported Frameworks
Framework availability by subscription plan:
| Framework | Plan |
|---|---|
| MVSP v1.0 (Minimum Viable Secure Product) | Community (default) |
| GDPR | Community |
| ISO/IEC 27001 | Premium |
| EU NIS2 Directive | Premium |
| CIS Critical Security Controls v8.1 | Premium |
| C5 (Cloud Computing Compliance Controls Catalogue) | Premium |
| OWASP ASVS v5 | Premium |
| ISO/IEC 42001 | Premium |
| NIST CSF 2.0 | Ultimate |
| SOC 2 | Ultimate |
| PCI DSS v4.0.1 | Ultimate |
And many more see on Frameworks page.
Multi-framework selection by plan:
- Community — access to one cybersecurity framework
- Premium — select and manage up to three frameworks simultaneously
- Ultimate — access to all frameworks with full multi-framework integration and cross-mapping support
Dashboard
The CSC dashboard is divided into two sections.
Charts
- Pie chart — distribution of control statuses as a proportion of all controls
- Radar chart — security maturity levels per domain, based on ISO/IEC 21827methodology
Controls Table
| Column | Description |
|---|---|
| Code | Framework code, e.g. MVSP-1.1 |
| Section | Domain or section, e.g. Business Controls, Application Design Controls |
| Control | Control name, e.g. Training, Self-assessment |
| Requirements | What must be set up and put into practice |
| Status | Current maturity level (dropdown) |
| Tasks | Linked tasks/evidence (dropdown selection from team tasks) |
Controls Mapping
Controls Mapping provides cross-framework visibility by linking related controls across different standards. When two or more frameworks are active, the platform automatically identifies and surfaces connections between their controls.
Mapped Control Count
Each control displays the number of controls from other active frameworks it is mapped to. This gives an at-a-glance indication of cross-framework coverage without leaving the controls table.
Detailed Relationship View
Clicking on a mapped control opens a detailed view showing exactly which controls from other frameworks are linked. This allows you to understand shared obligations and avoid duplicating evidence collection across standards.
Linked Tasks
Mapped controls also surface the tasks already linked to their counterparts in other frameworks. This means evidence captured for one framework’s control is immediately visible when reviewing the corresponding control in another — reducing redundant work.
Controls Mapping Matrix
The Controls Mapping Matrix provides a full visual overview of the mapping status between any two active frameworks. It renders as a grid where rows represent controls from one framework and columns represent controls from another, with each cell indicating whether a mapping exists.
Use the matrix to:
- Identify gaps — controls in one framework with no mapped equivalent in another
- Spot overlaps — a single implementation effort that satisfies requirements in multiple standards
- Accelerate onboarding — when adding a new framework, understand which existing controls already provide coverage
Statement of Applicability (SoA)
The Statement of Applicability documents which controls from a selected framework apply to your organization, along with their implementation status and justification.
The SoA can be exported directly from the platform in the following formats:
- HTML — for web-based sharing and online documentation
- PDF — for formal submissions, auditor packages, and archiving
- Excel — for offline review, annotation, and stakeholder distribution
The export reflects the current state of your control selections, ensuring the SoA stays in sync with your compliance posture without any manual rebuild in external tools.
Maturity Levels (ISO/IEC 21827)
Maturity level is based on ISO/IEC 21827
- Systems Security Engineering - Capability Maturity Model:| Status | Meaning |
|---|---|
| Unknown | Has not been checked yet |
| Not Applicable | Management has determined this can be ignored |
| Not Performed | Complete lack of recognizable policy, procedure, or control |
| Performed Informally | Development barely started; requires significant work |
| Planned | Progressing but not yet complete |
| Well Defined | Mostly complete; detail lacking or not yet enforced by management |
| Quantitatively Controlled | Complete; implemented and recently started operating |
| Continuously Improving | Fully satisfied; actively monitored with substantial auditor evidence |
Add a Control to a Task
From a task in edit mode, open the Cybersecurity Controls tab:
- Select a control from the dropdown (format:
CODE: Section, Control name, e.g.MVSP-1.5: Business controls, Training) - Set the Status
- Read the control requirements
- Add additional controls with + Add Control
- Remove a specific control with the Remove button next to it
Delete
Controls associated with a task can be deleted individually by clicking Remove next to the specific control, or all controls can be cleared by deleting the associated task.
Activity Logs
Access audit logs by opening the associated task and navigating to Audit Logs → Cybersecurity Audit Logs.
Logged events:
- Created
- Updated
- Deleted