Objectives & Outcomes
Control & DirectionObjectives & Outcomes gives security leaders a structured way to define, cascade, and track goals across every level of the security organization. The module implements a three-tier goal hierarchy — CISO Goals, Team Goals, and Individual Goals — so that strategic commitments flow down into measurable team deliverables and personal contributions, and progress rolls back up into a single aggregated dashboard.
Objectives & Outcomes integrates with Strategy (goal-to-strategy alignment), Project Management (task-level execution), Policy Lifecycle (policy linkage), Audit Management (maturity assessment linkage), and Operating Model (team assignments).
How the goal hierarchy works
Goals cascade from the top of the security organization down to individual contributors:
| Level | Purpose | Owned by |
|---|---|---|
| CISO Goals | Strategic objectives aligned to board and business priorities | CISO or security leadership |
| Team Goals | Deliverables assigned to a specific team that support a parent CISO Goal | Team leads or managers |
| Individual Goals | Personal contributions that support a parent Team Goal | Individual team members |
Each level links to the one above it, creating a traceable chain from strategic intent to day-to-day execution. Status changes at any level are reflected in the aggregated Goals Dashboard.
What’s included
- Goals Dashboard — Aggregated view of goal health across all three tiers with status breakdowns and summary statistics.
- CISO Goals — Define and manage top-level strategic objectives, link them to strategies, policies, controls, projects, and maturity assessments.
- Team Goals — Break CISO Goals into team-level deliverables with team assignments and task linking.
- Individual Goals — Track personal contributions that roll up into Team Goals.
Goal statuses
All three goal levels share the same status lifecycle:
| Status | Meaning |
|---|---|
| Not Started | Goal has been created but work has not begun |
| In Progress | Active work is underway |
| On Track | Work is progressing and expected to meet the target date |
| At Risk | Progress has stalled or the target date is in jeopardy |
| Completed | Goal has been achieved |
| Cancelled | Goal has been withdrawn and will not be pursued |
Period types
Goals can be scoped to a time period that matches your planning cadence:
| Period type | Use case |
|---|---|
| Annual | Yearly strategic objectives tied to board commitments |
| Quarterly | OKR-style goals aligned to quarterly planning cycles |
| Monthly | Short-cycle goals for fast-moving teams |
| Custom | Flexible date ranges for goals that do not fit standard cadences |
Each goal also supports a period label (e.g., “Q3 2025”, “FY2025”) for quick identification in list views and filters.