Skip to content
  • There are no suggestions because the search field is empty.

Tools

Also called: Software, Platforms, Applications

What it is

A Tool is a product used by an organization to perform functions or tasks. A tool may be software, hardware, or a combination of both.

Where tools fit

Tools carry out actions such as scanning, monitoring, logging, enforcing settings, calculating results, or generating outputs. They are mechanisms for doing work, not statements of intent or judgment.

A tool exists independently of any particular policy, assessment, or audit.

Why tools exist

Organizations use tools to:

  • Automate work

  • Increase consistency

  • Reduce manual effort

  • Monitor systems and activity

  • Enforce configurations

  • Generate information and records

Tools make work possible at scale, but they do not define whether the work is sufficient, correct, or compliant.

Common examples of tools

  • Vulnerability scanning tools

  • Penetration testing platforms

  • Logging and monitoring systems

  • Ticketing systems

  • Identity and access management systems

  • Configuration management tools

  • Cloud service platforms

  • Security testing and analysis tools

Tools vs Assessments

Tools may be used as part of an assessment, but a tool is not an assessment by itself.

  • A tool performs tests or collects information

  • An assessment evaluates results and draws conclusions

For example, a vulnerability scanner is a tool. Running it produces results. Reviewing and interpreting those results is an assessment.

Tools vs Artifacts

Tools often produce artifacts, but they are not artifacts themselves.

  • The tool is the system performing work

  • The output (report, export, log, screenshot, or record) is the artifact

Those artifacts may later be reviewed and accepted as evidence.

Tools vs Services

Tools vs. Services

A tool is a product.
A service is work performed by people, often using tools.

For example:

  • A vulnerability scanner is a tool

  • A managed vulnerability scanning offering is a service

Tools may be purchased or built internally. Services are delivered.

How tools are represented in FutureFeed

In FutureFeed, Tools and Services are grouped together for efficiency.  They may be:

  • Documented as part of the organization’s environment

  • Referenced by assessments or audits

  • Sources of artifacts and evidence

  • Associated with configurations, processes, or services

The presence of a tool does not imply effectiveness or compliance. What matters is how the tool is configured, used, and reviewed.

Common confusion

In practice, tools are often described as “doing the assessment,” “being the evidence,” or “providing compliance.” This shorthand is common but imprecise.

In this documentation model:

  • Tools perform functions

  • Assessments evaluate results

  • Artifacts record outputs

  • Evidence is reviewed and accepted proof

Keeping these roles distinct helps organizations understand what exists, what happened, and what conclusions were reached.

Why this matters

Clear distinctions between tools, assessments, artifacts, and services help organizations:

  • Avoid overstating conclusions

  • Organize documentation consistently

  • Track results over time

  • Communicate clearly with stakeholders

FutureFeed Footer – Newest