STREAM Integrated Risk Manager Take control of your GRC


1 STREAM Integrated Risk Manager Take control of your GRC

2 Governance Risk & Compliance

3 The Board wants answers

4 Spreadsheets won't do the job

5 STREAM Automation for GRC: Risk Registers; Integrated Management Systems; Data Sources and Key Indicators; Risk & Control Self Assessments

6 Risk Registers: Automated Risk Registers. Identify, analyse, evaluate, treat and monitor risks. Enterprise dashboards and reporting. Drill down for more detail.

7 Risk & Control Self Assessments: Automated Risk & Control Self Assessments. Assess, improve, treat and monitor compliance with risk and control frameworks. Assess risks of non-compliance. Risk-based prioritisation of control improvements.

8 Data Sources & Key Indicators: Automated import of key indicators. Metrics from scanning and monitoring systems. Mapping technical data to business risks. Real-time updates of risk and compliance status.

9 Integrated Management Systems: Management Systems. Automated Integrated Management Systems: Risk Registers, Risk & Control Self Assessments; Key metrics and data sources; Incident logging, management and monitoring; Event management; Dashboards and reporting. Cyber Security Management Systems: Cybersecurity risk and compliance, such as: ISO 27001/2 Information Security Management System; PCI DSS Compliance; Security Policy Framework; Cyber Security Essentials; NIST Cyber Security Framework; Information Security Forum; ISO Security for the Supply Chain; etc.

10 Integrated Management Systems: Management Systems: Cyber Security Management Systems; Business Continuity Management Systems; Project and Quality Management Systems; HSSE Management Systems; Supply Chain Management Systems; etc. Automated Integrated Management Systems: Risk Registers, Risk & Control Self Assessments; Key metrics and data sources; Incident logging, management and monitoring; Event management; Dashboards and reporting. All types of management system standards such as: ISO Information Security Management; ISO 9001 Quality Management; ISO Business Continuity; ISO IT Service Management; ISO Environmental Management; BS OHSAS Health & Safety; etc.

11 You can do all of this in a Single Integrated Database with shared dashboards, reports and supporting processes: User Management; Alerting / Reminders; Dashboards & Reporting; Workflow and Scheduling; Action Management

12 Who we work with customers

13 Recognition. 2014 Risk and Policy Management Group test: STREAM is a: Great tool for business intelligence/enterprise risk management and reporting. Comprehensive, configurable, yet simple-to-use software product which automates the complex processes involved in managing compliance with standards while delivering effective risk management. The tool integrates compliance with risk management in a business context. It achieves this through an innovative yet simple and logical approach that is easily understood and explained.

14 Intuitive and easy to use Intuitive Framework set-up & easy to use

15 Personal Home Page: At a glance status of risks, controls and incidents. Integrated workflow with automated notifications and alerting.

16 Control summary, ISO example: Report on control status by business area and control standard. Aggregate up by various groupings or the entire Enterprise.

17 History of incidents & near-misses

18 Average impact of incidents

19 Top 10 risks

20 Valuable actionable intelligence Actionable intelligence

21 Summary views of Risks: View risks in relation to tolerance and business risk appetite. Example shows summary risk status across the Enterprise.

22 Drill-down for detail: Detailed information risk register for the Trading business area. See Red, Amber & Green risks and risk acceptance status.

23 Key controls and metrics: See the performance status of controls which mitigate each risk and the relative importance of each control.

24 Raise Actions: Raise actions against risks, controls, incidents and near-misses, and cross-refer. Set a due date. Record cost, priority, status. Assign an owner. Receive automated notifications and reminders.

25 Actions management: Track the status of improvement actions, identifying where they are overdue. See the effect of completed actions on risk registers and reports.

26 Risk history

27 Control history

28 Flexible and configurable Flexible & configurable

29 Framework set-up: Easily configure multiple controls standards, threat lists, asset classes and the mappings between them. Example shows ISO controls mapped to Web Server Platforms.

30 Building an Asset Model: Easily add or import information, business & technical assets. Controls and threats are automatically linked to assets based on the Framework mappings.

31 Control assessment & approval

32 Report across multiple standards

33 Flexible deployment options: Traditional client server; Virtualised client server, e.g. CITRIX or Microsoft's AppV; Virtualised web-enabled mobile solution; SaaS application, hosted in our data centre

34 Market positioning of STREAM

35 STREAM Benefits and RoI

36 Liberty House, 222 Regent Street, London W1B 5TR