| IT Governance, Risk and Compliance Dashboard and Reporting |
| Risk and compliance scores are viewed by regulation, policy, framework and by role based on your actual policies and configuration data |
| Features |
Benefits |
- Compliance and Risk Gap Analysis and Traceability Analysis to regulations and frameworks
- Drill down of compliance by asset, regulation, and control
- Risk Analysis on asset by Likelihood (Control Strength) and Impact (i.e. Criticality, Value, Confidentiality, Integrity, Availability)
- Automated and semi-automated test feeds as well as manual survey-based test feeds
- Comprehensive metrics cover people, process and technology
- Trend analysis with notification through multiple channels (e.g. email) on critical risks or control failures (by reason, location, custodian)
|
- Dramatically raise risk and compliance visibility
- Quantify and qualify the state of compliance
- Decrease risk, improve analysis, remediation and decision-making
- Increase efficiency of root cause analysis
- Customize risk and control calculations with a flexible risk equation builder
|
| Workflow and Repository Management |
| Role-based workflow for work assignment, with review, escalation and status |
| Features |
Benefits |
- Repository of documents for evidence collection and storage in the database
- Role-based access to evidence
- Daily workspace for all users
|
- Reduce cycle time and redundancy
- Improve efficiencies and access
- Facilitate reuse of test results across multiple audits
|
| Multi-tiered People Process and Asset Repositories |
| Features |
Benefits |
- Customizable multi-tiered hierarchy by such classifications as geography, organizational unit, business process, application, technology, criticality, legislation, framework
|
- Facilitate views from multiple perspectives
|
| Automated, Continuous Risk and Compliance Audits and Assessments |
| Automated testing through adaptors that integrate with elemental configuration monitoring and management systems |
| Features |
Benefits |
- Integrates with Symantec ESM, NetIQ Vulnerability Management and Microsoft SMS out of the box
- Integrates with any data source using Brabeion's custom adaptor SDK
- Integrates questionnaires/surveys for controls (IT controls for which there is no integration, manual controls (BCP, data handling, employee background checks, etc.) and physical controls) or an automated test with human review
- Ability to define and customize tests
- Exception and Remediation Management:
  - Automatic identification and prioritization of remediation requirements
  - Temporary or permanent exception to accept the exposure on control (residual risk = accepted risk)
  - Tracking the issues by asset, custodian, status and date
|
- Demonstrate value and return on investment in days, not years
- Integrate with security, network and infrastructure solutions, Threat and Vulnerability Management, IT Configuration and Change Management and Network Systems Management platforms
- Dramatically lower cost and cycle time
- Enhance and formalize audit, risk and compliance programs
- Strengthen relevance of control design and adherence to policies
|
| Surveys for Self-Assessments |
| Features |
Benefits |
- Automated questionnaires/surveys for people (roles), processes (business and manual processes) and technology controls; library of over 600 pre-built queries based on ISO27002 standards
- Defines and customizes tests, following a streamlined workflow
- Distributes surveys to participants via web-based interface, with email notification, URL links to questionnaires, authentication and tracking
- Provides automated general computer controls collection for dashboards, reporting, remediation and exception management
|
- Demonstrate value and return on investment in days, not years
- Dramatically increase accountability, support governance mandates, lower cost and cycle time
- Strengthen relevance of control design and adherence to policies
- Streamline remediation, exception and prioritization process; lower costs and risk, and accelerate time to compliance
|