Understanding Your Situation

GITSP provides guidelines to protect our assets but may not fully apply to all of Genpos' unique operations.

GITSP is critical for ensuring information security across all Genpos, making every operation secure by default.

GITSP helps maintain only certain types of security and may not be relevant for daily tasks.

GITSP doesn’t impact Genpos directly but is essential for the organization as a whole.

Yes, I review all aspects of GITSP and am 100% compliant every time.

I believe so, but it’s difficult to interpret some parts of the policy and ensure full compliance.

Sometimes, as GITSP can be challenging to apply consistently across all systems.

I don’t focus much on GITSP compliance, as it’s rarely an issue for internal audits.

100% confident—our operations are fully aligned with GITSP without exceptions.

Around 70-80% confident—we mostly comply, but some areas could improve.

Less than 50%—compliance with GITSP is complex and may vary.

Compliance with GITSP is not measurable and depends on the type of audit conducted.

I understand it well, but practice is challenging, especially with day-to-day demands.

GITSP is important, but sometimes the guidelines seem disconnected from real scenarios.

GITSP is relatively easy to understand and implement across all operations.

It’s hard to see GITSP’s relevance; it feels like an abstract concept more than a daily tool.

Lack of GITSP clarity and guidance on specific processes.

Limited training on the importance of GITSP compliance.

It’s likely due to inconsistent audit criteria rather than true non-compliance.

There are too many policies, making it hard to follow GITSP consistently.

Yes, GITSP addresses shadow IT and business-managed systems effectively.

Only partially, as shadow IT isn’t always visible within GITSP scope.

No, GITSP excludes shadow IT, focusing only on core systems.

It depends on each Genpo’s interpretation of GITSP policies.

Tools alone aren’t enough; training and awareness are equally important.

Severe incidents are rare, but when they happen, it’s due to unpredictable risks.

Even the best tools cannot prevent human error in implementing GITSP.

We may have the tools, but GITSP itself could lack detailed guidance for every situation.

100% confident—GITSP makes cyber attacks nearly impossible.

80-90% confident—we follow GITSP but acknowledge some risks remain.

50-70% confident—there’s always a chance, even with GITSP.

Confidence isn’t helpful; preparedness against attack is our primary focus.

Yes, several times, and most were implemented effectively.

Occasionally, but GITSP often has existing guidelines that suffice.

No, proposing measures isn’t necessary with GITSP in place.

I have, but the proposals were not accepted due to GITSP alignment issues.

. Yes, and we fully integrate it with GITSP guidelines.

No, but we rely on GITSP to cover most of the necessary areas.

Yes, but it overlaps with GITSP, causing some confusion.

No, and GITSP alone is sufficient for our needs.