STREAM Integrated Risk Manager
Transcription
STREAM Integrated Risk Manager
STREAM Integrated Risk Manager Liberty House 222 Regent Street London W1B 5TR United Kingdom info@acuityrm.com www.acuityrm.com What is STREAM? STREAM is a Governance, Risk and Compliance (GRC) software Framework which allows the user to quickly and easily configure their own GRC Tool. STREAM supports the following integrated GRC requirements: Risk assessment & management Action management Compliance measurement & management Workflow and alerting Incident logging & management Reporting Unrivalled configurabilty Easy to use Scalable Actionable intelligence ‘Risk management made simple’ STREAM can be used for single-user, single-application requirements, e.g. to manage compliance with management system standards (such as ISO 27001, PCIDSS, ISO 9001), for vendor risk management across extended supply chains, right up to complex multi-user, multi-application requirements across global organisations. Key Features Actionable Intelligence Intuitive & Easy to Use Workflow Report in real-time on: risk status against risk appetite and tolerances; compliance status against control standards, and; performance of key controls using metrics. See the risk gauges and charts change as threats change, performance against key metrics improves or major non-compliances are addressed. Log-in to STREAM and see your personal dashboard of risks, controls, incidents and actions. Quickly jump to items requiring your attention. Receive email notification on allocation of risks, controls, incidents and actions with reminders of forthcoming deadlines for actions, assessments and approvals. Flexible & Configurable Robust, Secure & Scalable Whether you want a robust alternative to internally developed spreadsheets, to demonstrate compliance and achieve certification against standards or to implement a comprehensive Enterprise Risk Management solution you will find STREAM quick and easy to configure to your specific requirements. Start with our free single-user version as a proof-of-concept then extend to your team and Enterprise-wide. Sophisticated usermanagement restricts visibility of risks, controls, incidents and actions to those with appropriate permissions. Managers can see summary views with drill-down to the detail. Benefits More efficient GRC processes Fewer business disruptions Better targeting of resources Greater assurance Low cost of ownership Enhanced reputation © Acuity Risk Management LLP 2013 Risk Management STREAM is very easy-to-use yet provides valuable business information about your risk status. You can see at a glance where current levels of residual risk exceed tolerance and risk appetite. Managers with responsibility for different business units can easily track the material risks to their business objectives and the risk responses. This information is instantly available Enterprise-wide (subject to user permissions) providing aggregate views and comparison across the business. You can define your own risk assessment schemes for different types of risk, such as Confidentiality, Integrity, Availability (CIA) for information risks. Risk Registers display all of the material risks relating to a specific business unit, line of business, process, system, application or project. Risk Registers can be aggregated to a regional, business area, technical, programme or other grouping and from there to the Enterprise level. You can drill down to see mitigating controls. You can track the health of important risk mitigating controls and see how the performance of these controls affects residual risk status. Actions can be raised, allocated to owners and their status tracked through the STREAM workflow. Risk Reporting STREAM can analyse data from both real-time feeds and user inputs to provide easy to use, real-time management dashboards and reports. Risk - related reports include Top 10 risks, Residual Risk Summary, Risk History, Risk Treatment Report and Return-on-Investment, plus drillable Risk Registers with comparison against Risk Appetite. © Acuity Risk Management LLP 2013 Compliance Management You can use easily configure STREAM with control standards and then measure and report on your compliance status. Compliance data can be input to STREAM directly by users, via off-line questionnaires or imported from feeder applications. Users can raise and allocate improvement actions and track the status of these using STREAM workflow. By integrating compliance management and risk management, STREAM allows you see how your compliance status influences your risk status - with weak compliance for critical assets resulting in high levels of residual risk. You can record incidents and near-misses and link these to risks and controls, raising improvement actions as necessary. An optional Control Approver role allows control assessments to be independently verified and approved. STREAM workflow keeps track of when assessments and approvals are due. Actions can be raised against risks, controls and events and allocated to Owners. STREAM workflow alerts action owners and reminds them when target dates are approaching. As improvement actions are completed, compliance assessments can be updated and new compliance and associated risk status reports and dashboards are instantly available. Compliance Reporting STREAM can analyse data from both real-time feeds and user inputs to provide easy to use real-time management dashboards and reports. Compliance - related reports include Control Status, Control History, Statement of Applicability, Control Approval Status, Incident Status, Action Status plus drillable dashboards and Control Assessment screens filtered by controls that you own, assess or approve. Data can be exported to MS Excel for further analysis or reporting. © Acuity Risk Management LLP 2013 Incident Management Acuity Risk Management You can log incidents and near-misses, record impacts, link to threats and controls, attach relevant documents and raise remediation actions. Acuity Risk Management LLP is a specialist provider of Governance Risk and Compliance (GRC) software solutions and related services. Statistics on frequency and severity of incidents can be used to refine and improve risk assessments. Acuity’s consultants have implemented risk management processes and software solutions for hundreds of organisations in every major business sector. Graphical reporting shows current and historical status. Configure your own STREAM GRC Solution Use STREAM instead of For further information on STREAM or Acuity Risk Management please contact us at info@acuityrm.com or visit our website: spreadsheets to build and pilot your own GRC tool Technology STREAM was designed as a configurable framework meaning that it can be configured to meet your specific need quickly and easily. Configurable items include: STREAM scales seamlessly from single-user to multi-user Enterprise wide GRC STREAM is the result of this collective experience and the market need for ‘easy to use’ , configurable risk management solutions that provide valuable actionable intelligence. Flexible, unlimited, hierarchical model for risk and compliance aggregation, drill-down and reporting views Risk assessment and control assessment schemes and measurement criteria Threat lists, control standards, asset classes, dependencies and mappings Risk categories and Incident types Control approval and risk acceptance criteria Email alerting Thresholds, colour schemes and settings Import and export of data to third party tools. Pre-configured content can be downloaded from our on-line store and uploaded to your STREAM system or you can use the STREAM Content Builder to quickly and easily add your own content. © Acuity Risk Management LLP 2013 STREAM is a robust, scalable, high-performance MS Windows SQL Server application which can be implemented on your own network or via our hosted ‘Software as a Service’ solution. User access can be provided via web browser, mobile devices (including iPad, iPhone, Android) and thin client.