Application Summary



Risk Management App Summary

Risk Library

  • Access and update the central risk library
  • Maintain standard taxonomy across risks
  • View and update organizational structure
  • Push updated risk and control information to all assessments

KRIs (Key Risk Indicators)

  • Create and set thresholds for KRIs
  • Assign KRI owner for update
  • Daily, weekly, monthly, quarterly, and annual trending of KRI
  • System alerts when KRI is out of the threshold

Assess & Track Risks

  • Notify risk owners to perform risk assessments
  • Risk owners can perform step-by-step risk assessments, including:
    • inherent and residual risk assessment
    • document contributing factors and consequences 
    • identify and connect controls from the library
    • Link controls to a central library of policies
    • view KRI and risk event trends over time 
  • Visualize connections in a graph to determine interconnectivity
  • Determine treatment and escalate if necessary
  • Create and assign an action plan for risk

Cross-Team Collaboration

  • Share assessments of controls across business units and second-line functions
  • Centralize risk data with Internal Audit and IT Risk applications 
  • Automated notifications of completed audits for review of final audit reports and issues
  • Tag team members for comments and information requests

Identify Risks

  • Input new risks or access the pre-populated risk register
  • Categorize risks into risk categories, processes, or objectives
  • Assign risk to a risk owner for analysis

Loss Events for Financial Institutions

  • Log loss event
  • Categorization of risk events 
  • Reporting on event type

Key Reporting

  • Best practice out-of-the-box reports, including
    • Risk Committee Summary Reports 
    • Heatmaps at Corporate and Business Unit levels
    • Risk and Control Matrix
    • First Line user Dashboards
    • Issues and Action Plan Status
    • KRI status and risk appetite report
  • Loss Event Summary Report

Issues & Actions

  • Create and assign an action plan
  • Track progress of action plans
  • Issue status report

Facilitate Periodic Risk Assessments

  • Launch risk assessments across business units or functions
  • Status reports of completion, including overdue assessment

Internal Audit App Summary

Library Management

  • Manage library of possesses, risks, controls, and tests
  • Manage Business Unit structure and Audit Universe
  • Template setup and modification

Key Reporting

  • Best practice out-of-the-box reports, including
    • Audit Plan & Status
    • Audit Committee Summary
    • Company-wide Issue Summary
    • Final Audit Report
    • Audit Universe Heatmap
    • ERM output for Internal Audit

Planning & Risk Assessment

  • Add audits to plan, assign timeline, assign auditors & audit clients
  • Track overall audit capacity and budget
  • Assess auditable entity risk factors and view trending of risk scores 
  • Access live ERM risk assessment results

Engagement Planning

  • Scope in relevant processes, risks, controls, and tests from the library
  • Update risk & control matrices
  • Establish, send, and update document request list
  • Automated notifications to audit clients of document requests, audit details

Fieldwork

  • Customized templates with embedded guidance
  • View results of prior evaluations of controls and tests
  • Assess individual risks
  • Document process narratives, test procedure results, and conclusions using a rich text editor
  • Upload & review work papers
  • Automated test sign-off capabilities 
  • Draft issues and actions

Cross-Team Collaboration

  • Access risk data from ERM to drive audit plan
  • Automated notifications of completed audits & distribution of final audit reports to the ERM team
  • Tag team members for comments and information requests

Audit Findings

  • Assign issues to owners, including dates and remediation/action plan
  • Due date notifications for outstanding issues and actions
  • Report on issues & actions company-wide or by audit

Audit Client Portal

  • Upload documentation requests
  • Update and remediate outstanding/overdue issues and actions
  • View Final Audit Report

Audit Report

  • Automated Final Audit Report with an executive summary, key findings, conclusion, and audit rating Summary of issues by risk area Individual issue and corrective action summaries Overall control effectiveness summary Export to PDF

Compliance Management App Summary

Assess Risk

  • Notify Requirement Owners to perform an assessment with due dates
  • Perform inherent risk assessment
  • Document controls, including access to your organization’s controls library
  • Share assessments of controls across business units and second-line functions
  • Link controls to a central library of policies
  • Assess residual risk
  • View risk trends over time from daily to quarterly to annual monitoring

Review, Remediation, & Monitoring

  • Document any issues associated with the requirement
  • Assign action plans
  • Monitor / escalate overdue issues

Content Updates (Resolver Only)

  • Receive in-app alerts regarding regulatory changes, new legislation, and bill drafts as they occur 
  • Updated requirements summarized in a report
  • Notifications to inform the compliance team about specific regulatory changes

Applicability Assessment

  • Scope in relevant requirements for each framework
  • Assign requirement owners to a requirement

Compliance Testing

  • Select requirements for testing
  • Document testing, including design and operating effectiveness
  • Testing Plan report

Key Reporting

  • Out-of-the-box Company and Business level reports:
    • Compliance Management Status Dashboard
    • Compliance Executive Summary
    • Issue Summary
    • Regulator Overview 
    • Inherent vs Residual Risk
    • Status Reports
    • Requirement and Control Matrix
    • First Line user Dashboards

Managing Library of Content

  • Access to the library of relevant content
  • Upload own content to maintain in library
  • Receive updates on selected Resolver content*
  • Push updated regulatory content and control information to all assessments

Vendor Risk App Summary

Vendor Risk Assessment

  • Determine the criticality of a vendor to the organization
  • Risk rate vendor engagements based on its responses to questionnaires 
  • Log and track remediation 
  • Tie critical vendor engagements to information assets and their related risks, sourcing from our IT Risk Application
  • Receive automated notifications when Vendor Contracts expire

External Vendor Portal

  • External vendors can 
    • Receive alerts and information requests
    • Send responses to questionnaires and attach any supporting documentation. 
    • Communicate with the requestor
    • Provide updates on remediation items

Vendor Reporting

  • Out-of-the-box reports including:
    • Vendor Profile Reports 
    • Vendor Criticality Reports 
    • Geographic Overview of Vendors
    • Gaps and Remediation Activities
    • Vendor Engagement Status Reports

Vendor Repository

  • Access and build a repository of third-party providers across the organization. 
  • Categorize vendors, including contact details, type, certifications, and associated vendor engagements.
  • Push updated questionnaire information to all assessments

Vendor Questionnaires

  • Supports vendor engagement assessment for vendors that provide multiple services
  • Send pre-populated standard SIG/SIG Lite* questions covering security, access, privacy, resiliency, and other risks to the vendor for response
  • Maintain and leverage multiple questionnaire frameworks depending on vendor engagement type or criticality
  • Custom questionnaire support

Employee Request Portal

  • Any internal employee can:
    • Request approval to outsource a particular function of the business to a vendor  
    • Obtain status updates and approval for a vendor request

Internal Controls App Summary

Key Reporting

  • Best practice out-of-the-box reports, including
    • Audit Committee Summary
    • Internal Controls Status Report
    • Control Effectiveness Summary
    • Company-wide Issue Summary
    • Testing Dashboards   
    • Certification Summary
    • Financial Statement Account Scoping

First Line Portal

  • Keep key Processes & Controls up to date
  • Upload documentation requests
  • Update and remediate outstanding/overdue issues and actions
  • Document BU-level certifications

Cross-Team Collaboration

  • Test once and share across Internal Audit and Internal Controls
  • Share results of controls to be relied on by other Second Line functions
  • Tag team members for comments and information requests

Testing

  • View results of prior evaluations of controls 
  • Document process narratives, test procedure results, and conclusions using a rich text editor
  • Upload & review work papers
  • Automated test sign-off capabilities
  • Draft issues and actions

Deficiencies

  • Assign issues to owners, including dates and remediation/action plan
  • Due date notifications for outstanding issues and actions

Library Management

  • Manage library of processes, risks, and controls
  • Manage business unit structure & financial statement accounts
  • Template setup and modifications
  • Push updated process and control information to all assessments

Financial Statement Scoping

  • Set financial materiality levels
  • Establish consolidated and sub-account structure
  • Map accounts to assertions and business processes
  • Assess the risk of individual accounts to determine the scope of testing

Planning & Walkthrough

  • Scope in relevant processes & controls from the library
  • Update risk & control matrices
  • Send processes & controls to the first line to identify changes to narratives and descriptions
  • Document walkthroughs and conclude on design effectiveness
  • Establish, send, and update document request list

Certifications

  • Send quarterly or annual certification letters to Business Unit leads
  • Embedded summary reporting to review control effectiveness and issue status before signing off

IT Risk App Summary

Assess & Treat Risks

  • Notify risk owners to perform risk assessments
  • Risk owners can perform step-by-step risk assessments, including:
    • inherent and residual risk assessment
    • confirm, identify, or connect IT controls from the library
    • Link controls to a central library of policies
    • assess control effectiveness
    • Share assessments of controls across business units and second-line functions
  • Visualize connections in a graph to determine dependencies
  • Determine treatment and escalate if necessary

Issues & Actions

  • Create and assign an action plan
  • Track progress of action plans
  • Action plan status report

Facilitate Period Risk Assessments

  • Launch IT risk assessments across business units or functions
  • Status reports of completion, including overdue assessments

Identify Information Assets

  • Create and categorize new assets, including type and location
  • Assess criticality using confidentiality, integrity, and availability criteria 
  • Link critical assets to relevant vendor engagements with integrations to our IT Risk Management Application

Identify IT Risks

  • Identity IT risks considering:
    • common threats and vulnerabilities
    • identified critical assets 
  • Assign risk to a risk owner for assessment

Announcement Portal

  • Send important updates for IT risk and control owners

Key Reporting

  • Best practice out-of-the-box reports, including
    • Heatmaps at the Corporate and Business Unit level
    • Risks by Threat Category
    • Asset Criticality Report
    • Top IT Risk Profile Report
    • Issues and Action Plans, including status and due dates
  • Access to Data Warehouse to build custom reports using BI tools (e.g., Tableau®, Microsoft Power BI®, etc.) 

Data Subject Access Request Portal

  • Leverage our request portal to capture any relevant privacy requests to your organization
  • An External facing portal that allows privacy requests to be submitted
  • Triage and manage requests in-app, with a suite of dashboards to maintain oversight

Risk Library

  • Access and update the central IT risk library
  • Maintain standard taxonomy across risks
  • View and update organizational structure
  • Push updated risk and control information to all assessments

IT Compliance App Summary

Managing Library of Frameworks

  • Access Resolver’s library of IT Security Frameworks, including hierarchical drill down capability (e.g., NIST 800-53, ISO 27001, SOC II) - Resolver Content is sold and managed independent of application pricing
  • Access to Framework Requirement mappings, which connect requirements between select frameworks to maximize evidence submission use
  • Subscribe to Resolver’s Content Management services to receive relevant content updates and news1
  • Upload additional frameworks to supplement the IT framework library 
  • Push updated frameworks and control information to all assessments

Document Controls & Attach Evidence

  • Identify and document controls, including access to controls library
  • Notify control owners to provide evidence submissions with due dates
  • Collaborate with control owners using the comments section to align on proper evidence submission
  • Link controls to a central library of policies
  • Share assessments of controls across business units and second-line functions

Remediation & Monitoring

  • Leverage our request portal to capture any relevant privacy requests to your organization
  • Document any framework gaps and delegate actions
  • Centralize issues into single oversight dashboards 

External Audit Review

  • Limited access to view citations, controls and accompanying control evidence

Key Reporting

  • Out-of-the-box Company and Business level reports:
    • Framework Coverage Report
    • IT Control Owner Dashboard
    • Authority Document Progress and Overview Report
    • Authority Document Final Report
    • Issue Report by Authority Document

Data Subject Access Request Portal

  • An External facing portal that allows privacy requests to be submitted
  • Triage and manage requests in-app, with a suite of dashboards to maintain oversight

IT Control Owner Portal

  • View and action due tasks 
  • Submit control evidence with attachments
  • Submit evidence notes and communicate with IT Compliance Team via the comments section
  • Rate effectiveness of the controls and view trending over time

Incident Management App Summary

Library Management

  • Build Organizational Structure including Regions, Business Units, Departments, Markets, and Locations for careful segmentation of incident data and reporting dimensions
  • Identify Incident Types to be reported and standardize categorization of each type, along with determining business flow for each type
  • Load lists of people, organizations, vehicles, items, and assets for easy identification in incident involvements

Incident Reporting Portal/Intake

  • Simplified Incident Reporting form for users to report incidents with zero training required on the system
  • Authenticated users (via SSO or Invites for username and password creation) can save as draft, monitor their submission for resolutions, and follow up on requests for more details
  • Support unauthenticated users with an autogenerate URL for one-way reporting of incidents from any device. You can request contact details to follow up via email or phone or allow anonymous submissions for whistleblower regulations
  • Portal submissions can flow through a gated triage process to validate the information and ensure clean data for reporting or can automatically be routed to supervisors or investigators for immediate follow-up
  • Submission text data in any language can be translated to a base language during the review, supporting localized language portals

Detailed Incident Data Collection

  • What Occurred - Incident Type identification can drive additional fields and workflow actions
  • Where did it Occur – Incident Location details include geographic information and demographic details like location type, areas, and headcounts. Identify locations by using a map or auto-generation of addresses
  • Who or what was Involved – Link people along with associate organizations, vehicles, assets, or items
  • Business Impact – Track departments or business units responsible for or will be impacted by the disruption of the incident
  • Financial Impact - Track assets affected. Indicate Loss values and recoveries. Identify total exposure and losses averted

Track Tasks and Assignments

  • Create and assign tasks
  • Reminders of work remaining and upcoming due date
  • View tasks for a team and manage incidents to completion

Investigation and Case Management

  • Escalate Incidents to the Investigation team for more detailed follow-up
  • Record additional information about the incident like interviews and evidence
  • Attach searchable documents 
  • Log time and Expenses of the investigation
  • Monitor key suspects to Persons of Interest for BOLO or Watchlists
  • Consolidate key incidents investigation into a single Case

Key Reporting

  • Detailed Incident Reports for Law Enforcement and Legal follow-up
  • List report summarizing recent incidents
  • Business Unit and Location overviews providing key aggregate incident indicators
  • Open Incident and Aging reports to ensure efficient review and follow up
  • Incident Breakdown reports by any dimension (location, type, business unit, etc.)

Root Cause, Outcomes, and Corrective Actions

  • Document Contributing Factors and Root Cause of the incident
  • Identify the effectiveness of Security Controls and key issues
  • Create and assign action plans to control owners for remediation

Security Risk Management App Summary

Site Audits

  • Identify key requirements for each site in a structured review framework
  • Upload own content to maintain in library
  • Scope in relevant requirements for each Site Audit from the library frameworks
  • Support routine checklists with high re-assessment frequencies with minimal effort. 
  • Schedule Site Audits with Location Managers or external Auditors
  • Record Assessments scores and findings, including photos and attachments
  • Identify key Issues and Actions required for critical gaps

Issues and Action Plans

  • Centrally manage open issues by issue owner or location
  • Follow through on action items from open to final resolutions

Key Reporting

  • Incident and Risk Heatmaps by Location or Asset
  • Deficiency reports for active Issues
  • Completed Audit Reports outlining key findings and outcomes

Detailed Asset Identification

  • Profiles of Locations and key Assets, including related Risks, Employees, Policies and Audit Frameworks
  • Dependency Modeling what business units and processes rely on the asset
  • Replacement Value of the Asset

Risk Identification

  • Risk Identification for each location and asset
  • Align Security Risks with Incident Types from actual Incidents
  • Identify Threats, Vulnerabilities, and Existing Controls
  • Estimate the Likelihood, Impact, and Consequence of the Risk occurring

WAVR-21 App Summary

Observation of Concern Reporting

  • Easily enable anyone to report a concern or observation of violent behavior
  • Quickly screen the intakes based on six factors to determine actions
  • Assign priority and a case manager

Case Management

  • Profile the Subject of Concern, including additional sources or historical incidents
  • Complete a questionnaire to determine if a full assessment is required
  • Based on recommendations, outline an action plan for the threat

Person Assessment

  • Assign a certified WAVR-21 assessor
  • Quick Reference to the WAVR-21 content for 21 areas
  • Document Assessment Outcome
  • Complete multiple assessments over time to trend violent indicators

Key Reporting

  • Assessment Summary Report
  • Case Log Report

Command Center App Summary

Activity Tracking

  • Track basic security activities performed based on type, location, officer, and time spent.
  • Escalate any security activity to an incident to fully document incident details (requires IM)
  • Document Service Requests\Work Orders assign owners and managers in a single view

Dispatch

  • Setup Security Operation Zones, Teams, and Officers
  • Create a dispatch call quickly with templates
  • Add comments and messages to dispatches and coordinate with the team
  • Schedule one-time activities or reoccurring
  • Configure rules and notifications
  • Monitor active calls and officers via integrated maps

Alarm Handling with Access Control Integrations

  • Register devices and plot onto floor plans
  • Set up rules for events by type, device, or time
  • View alarms on the floor plan easily escalate to dispatch
  • Auto-Acknowledge and Close the alarm in the source system

Key Reporting

  • Officer response time metrics by Activity Type
  • Daily activity logs
  • Activity by site