GV.RM-07.031

Has your organization identified and documented stretch goals for security improvements beyond current compliance requirements?

Explanation

Stretch goals represent aspirational security objectives that exceed minimum compliance requirements and demonstrate commitment to continuous security improvement. These goals should be documented, measurable, and aligned with the organization's overall security strategy and risk appetite. Examples include achieving a higher maturity level in a security framework, implementing advanced security technologies, or reducing incident response times beyond industry standards. Evidence could include a formal document outlining security stretch goals with timelines, metrics for success, resource requirements, and alignment to business objectives. This might be part of a security roadmap, strategic planning document, or dedicated security improvement plan.

Implementation Example

Identify stretch goals and document them

ID: GV.RM-07.031

Context

Function: GV: GOVERN
Category: GV.RM: Risk Management Strategy
Sub-Category: Strategic opportunities (i.e., positive risks) are characterized and are included in organizational cybersecurity risk discussions
