IT Risk App Summary

Assess & Treat Risks

  • Notify risk owners to perform risk assessments
  • Risk owners can perform step-by-step risk assessments, including:
    • inherent and residual risk assessment
    • confirm, identify, or connect IT controls from the library
    • Link controls to a central library of policies
    • assess control effectiveness
    • Share assessments of controls across business units and second-line functions
  • Visualize connections in a graph to determine dependencies
  • Determine treatment and escalate if necessary

Issues & Actions

  • Create and assign an action plan
  • Track progress of action plans
  • Action plan status report

Facilitate Period Risk Assessments

  • Launch IT risk assessments across business units or functions
  • Status reports of completion, including overdue assessments

Identify Information Assets

  • Create and categorize new assets, including type and location
  • Assess criticality using confidentiality, integrity, and availability criteria 
  • Link critical assets to relevant vendor engagements with integrations to our IT Risk Management Application

Identify IT Risks

  • Identity IT risks considering:
    • common threats and vulnerabilities
    • identified critical assets 
  • Assign risk to a risk owner for assessment

Announcement Portal

  • Send important updates for IT risk and control owners

Key Reporting

  • Best practice out-of-the-box reports, including:
    • Heatmaps at the Corporate and Business Unit level
    • Risks by Threat Category
    • Asset Criticality Report
    • Top IT Risk Profile Report
    • Issues and Action Plans, including status and due dates
  • Access to Data Warehouse to build custom reports using BI tools (e.g., Tableau®, Microsoft Power BI®, etc.) 

Data Subject Access Request Portal

  • Leverage our request portal to capture any relevant privacy requests to your organization
  • An External facing portal that allows privacy requests to be submitted
  • Triage and manage requests in-app, with a suite of dashboards to maintain oversight

Risk Library

  • Access and update the central IT risk library
  • Maintain standard taxonomy across risks
  • View and update organizational structure
  • Push updated risk and control information to all assessments