Security perimeter: Complete functional model, subject to license

Suppliers and applications: Simple, unlimited functional model

Groupings / Trees :

Consolidation elements (reporting)
Unlimited
Rights assignment
No assignment of objects to these elements: policies / actions / measures

Users

Root pilot : can create objects and users, enter objects, view all organization data. You can limit the objects accessible for the users.
Local pilot : can create objects and users, enter objects, view data related to his scope of intervention.
Contributor : Cannot create objects except for exemptions (request) and incidents (declaration), enter objects, access only the contribution menu and cockpit dashboard.
Auditor : Read-only access to the solution. You can limit the objects he can access.

💡 If you wish to restrict access for a local driver or auditor:

⚙️ Wheel > Users > click on your user > Access tab

💡You can create user groups to assign objects to a team.

⚙️ Wheel > Groups

⚙️ Wheel

Catalog: The catalog contains public elements (proposed by Tenacy) and private elements (created or customized by you).

Authentication: Configure your organization's SSO

Scales :

Indicator scales: to associate colors and icons with performance indicator values in dashboards
Evaluation scales: to select answers for evaluation campaigns, and display the corresponding results

Risk scales: to qualify the impact and probability of risks
Application scales: used to qualify the criticality level of applications (in simple or DICP mode). This tab also contains the scales used to carry out PSI assessments.
Priority scales: to specify the relative priority of controls in a security policy
Weather scales: used to define icons and colors for weather displays in action logs.

Functions: functions are used to distribute the various controls in a security policy among different populations.

Labels: labels can be used to group objects transversally.

Internal metrics and indicators: Tenacy automatically manages (creates, feeds, calculates and deletes) internal metrics and indicators for most objects.

Logs: a complete audit trail of actions carried out in the application is available. Logs are organized by category and sub-category for easy filtering of activity types.

Preferences: preferences allow you to customize or configure elements of your context.

⚠️ Except for the password policy (Search by password keyword), call support if you wish to change a preference.

Licenses: view your license limitations

Connectors: consult your connectors set up on your account

Contacts: to facilitate communication with different scopes and stakeholders, in particular suppliers, it is now possible to create and associate contacts with scopes.

💡 Allows you to consult new features of the solution

🔔 Allows you to access your reviews, some objects require pilot validation.

Measures

Measures: software and/or processes and/or team to secure a perimeter.

🔎 In Tenacy all objects will revolve around the measures

Offered Measures: the offered measures are all the measures you'll find in the Tenacy catalog.

🔎 If you don't find a measure you can contact us in the chat to exchange on the subject. The Tenacy team regularly updates its device catalog.

Operated measures: the measures you have put in place in your organization. They make up your security base.

⚠️ A faulty measure is an operated measure, not a measure under construction.

Construction Measure: A measure that you don't have in your organization, but which you are going to implement in your organization.

Security base:

Set of measures that secure a perimeter.
Composed of operated, offered and consumed measures

Policies

Public policies are modeled by Tenacy teams
Public policies can be found in the Tenacy catalog
Depending on your license level, public policies are limited.
Public policies can be modified by copying them

Private policies are unlimited

Registers

Unlimited for all objects

An object can be present in several registers
An object cannot be present more than once in the same register
In actions, recurring tasks and gap registers, you can add groups for greater reporting granularity.

Risks

You can manage the treatment of your risks, but risk analysis is an Add-On.
You can find public risks modeled by the Tenacy team

Actions

Building action: building actions enable you to build your measures under construction.
Improvement action: Improvement actions enable you to improve your operated measures.
Simple action: Simple actions are not linked to a measure.
Actions have an end date

Recurring tasks

Carrying out recurring tasks contributes to the performance of your measures.
2 types of recurring tasks: operational (e.g. updating the AD following departure/arrival) and control (e.g. checking that all active AD accounts correspond to active employees).
Completion window: Allows you to define the task completion window (e.g.: 7-day completion window for a monthly task = must be completed between the 23rd and 30th of the month).
You cannot modify the periodicity of a RT if there is a history.

Metrics

A metric can be entered by one perimeter for another perimeter.
To implement a metric history, use Excel import.
A metric is to be filled in at the end of its periodicity (e.g.: metric for the month of January to be filled in from February 1st).
A metric can be attached to a Recurring Task.
Can be entered via API, connector, Excel or In-app by a user.

Indicators

An activity indicator does not contribute to the performance of a measure.
A percentage performance indicator is attached to a measure only if the objective is to be close to 100%. ( Ex : ❌ % of people having clicked the fishing link / ✅ % of people not having clicked the fishing link)
The periodicity of an indicator can be different from that of the metrics linked to it.