What is Tracer?

Tracer is a Compliance Portal where Data Collection Forms, supporting documentation/evidence, and other files may be securely provided to ecfirst. The Tracer Compliance Portal is also where you may securely download reports and other documents from ecfirst.

Devices Supported

The Tracer Compliance Portal uses a responsive design that changes the display depending on the screen size of the device used to access it. It does require the use of a modern web browser.

On a large screen, such as a laptop or desktop device, the display will show:

On a small screen, such as a mobile device, the display will show:

User Access

Sign into the Tracer Compliance Portal by entering your user name and password. Your user name is your email address. Once your account is created, ecfirst will deliver your password to you. You are required to change your password the first time you log-in to Tracer.

Forgotten/Lost Password

If you forget your password, you may reset it at any time using the Forgot Password? link displayed at the bottom of the log-in screen. Enter the email address associated with your account on the Recover Password screen.

Once you submit your email address in the Recover Password prompt, a reset password email will be sent to that email address if it is associated with a Tracer account.

The email contains a link that is valid for 15 minutes or until you change your password. When you click on the link, it will open a page allowing you to change your password.

If you still have problems accessing your account, please contact ecfirst.

Automatic Logout

If you are inactive for a period of time, Tracer automatically will end your session. You will receive a pop-up warning indicating your session will expire in 1 minute if you do not continue. If you are logged out automatically, you will be redirected to the login page where you will have to re-enter your credentials to continue.

User Logout

To logout of your account, select the user image at the top right of the page. This will open the logout menu. Click on the Logout button to end your session.

Tracer Home

At any point while in the Tracer Compliance Portal, you may navigate to the Home Page by selecting the Tracer image at the top center of the page.

About Tracer

To access information about Tracer, including the Tracer User Guide and other useful links, select the information button at the top right of the page.

Navigating in Tracer

When you first login to Tracer, the Projects tab will display. The Projects tab will list Project Categories in which you have active engagements.

Client Selection

If you have access to multiple clients, such as users in an organization with multiple locations undergoing separate assessments and engagements, you will see multiple clients listed when you first login to Tracer. Select your location and/or engagement to proceed.

If at any point you want to select a different client while logged in, use the Select Client button at the top right of the page to select a different client.

If you have access to multiple clients, the client you currently are working with will always display in the top right corner of the screen.

Once you select a client, or if you have access to only one client, the Projects tab will display.

Selecting a Project Category

The Projects tab will list Project Categories in which you have active engagements.

You may also navigate between Project Categories from any page using the Navigation menu at the top left of the page.

Once you’ve selected a Project Category, all the Data Collection Forms (DCF) required for your engagement will be displayed.

Risk Assessment Module

Cybersecurity Assessment Module

Note: This screen shows all of the Cybersecurity Assessment tier DCFs. For your engagement, only the DCF for the tier you’ve selected will be displayed.

Contingency Module

Note: For your engagement, only the contingencies you have selected will be displayed.

File and Document Access Module

Note: For your engagement, only the options you have selected will be displayed.

Data Collection Forms (DCF)

The DCF is where you will enter the data ecfirst requires for your assessment or contingency plan. The DCF tracks the percentage of completion as you enter your information.

Risk Assessment DCF

The Risk Assessment DCF includes sections for:

  • Administrative Safeguards
  • Physical Safeguards
  • Technical Safeguards
  • Privacy & Breach
  • Data Center
  • Group Health Plans

To complete the DCF, click on a button in the category you wish to work on. Be sure you go through each button in each category to complete your DCF. If you do not have the requested information or it does not apply, note that on the DCF.

Cybersecurity Assessment (CA) DCF

The information needed for the Cybersecurity Assessment DCF depends on the tier you select for the engagement. Sections include:

Bronze CA
  • Client Contact Information
  • External Assessment
Silver CA
  • Client Contact Information
  • External Assessment
  • Firewall Assessment
Gold CA
  • Client Contact Information
  • External Assessment
  • Firewall Assessment
Platinum CA
  • Client Contact Information
  • External Assessment
  • Internal Assessment
  • Wireless Assessment
  • Firewall Assessment
Titanium CA
  • Client Contact Information
  • External Assessment
  • Internal Assessment
  • Wireless Assessment
  • Firewall Assessment
Web Application Pen Test
  • Client Contact Information
  • Web App Pen Test
External Network Pen Test
  • Client Contact Information
  • Pen Test Schedule
Internal Only CA
  • Client Contact Information
  • Internal Assessment
  • Wireless Assessment
  • Firewall Assessment
Wireless Only CA
  • Client Contact Information
  • Wireless Assessment

To complete the DCF, click on a button in the category you wish to work on. Be sure you go through each button to complete your DCF. If you do not have the requested information or it does not apply, note that on the DCF.

Contingency Plans DCF

The information needed for the Contingency DCF depends on the type of contingency plan for which you have engaged ecfirst. Two examples are shown.

Disaster Recovery Plan (DRP)
  • In-scope locations
  • Roles and Responsibilities
  • Data Center Operations
  • Hardware and Equipment
  • End User Equipment
  • Disaster Recovery Strategies
  • Key Contacts
  • Applications and Platform Servers
Business Impact Analysis (BIA)
  • BIA Data Collection Form
  • BIA-IT Data Collection Form

To complete the DCF, click on a button in the category. Be sure to go through each button to complete your DCF. If you do not have the requested information or it does not apply, note that on the DCF.

Uploading Files within DCFs

While completing your DCF, you will be prompted to upload files such as a policy, procedure, or configuration. Select the appropriate files and click the Upload button. Only the users identified by the client are authorized to upload information to the portal. Contact ecfirst to request modifications to your list.


Uploading Additional Files

If you wish to upload additional files outside of a specific DCF, click the File Upload/Access button under File and Document Access. Upload your documents.


Downloading Files

ecfirst uses the Tracer Compliance Portal to deliver your final report/contingency documents and any additional documentation or files related to your engagement. The person designated as the Point of Contact (POC) at your organization will receive notification via email when documents are ready for download. Only staff designated by the client have access to download the ecfirst supplied files. Contact ecfirst to request modifications to your list.

To download your files, go to the File and Document Access tab and click on From ecfirst. Here you will find all deliverables and documents from ecfirst.

Your access to data contained in Tracer is available for 31 days from the end of your engagement. Access is extended for multi-year clients or client who purchase an extended Tracer Subscription.