STREAM Integrated Risk Manager

Liberty House
222 Regent Street
London
W1B 5TR
United Kingdom
[email protected]
www.acuityrm.com
What is STREAM?
STREAM is a Governance, Risk and Compliance (GRC) software Framework which
allows the user to quickly and easily configure their own GRC Tool. STREAM
supports the following integrated GRC requirements:

Risk assessment & management

Action management

Compliance measurement & management

Workflow and alerting

Incident logging & management

Reporting
Unrivalled configurability
Easy to use
Scalable
Actionable intelligence
‘Risk management made simple’
STREAM can be used for single-user, single-application requirements, e.g. to
manage compliance with management system standards (such as ISO 27001, PCI DSS, ISO 9001), for vendor risk management across extended supply chains, right up
to complex multi-user, multi-application requirements across global organisations.
Key Features
Actionable Intelligence
Report in real-time on: risk status against risk appetite and tolerances; compliance status against control standards; and performance of key controls using metrics. See the risk gauges and charts change as threats change, performance against key metrics improves or major non-compliances are addressed.
Intuitive & Easy to Use Workflow
Log-in to STREAM and see your personal dashboard of risks, controls, incidents and actions. Quickly jump to items requiring your attention. Receive email notification on allocation of risks, controls, incidents and actions with reminders of forthcoming deadlines for actions, assessments and approvals.
Flexible & Configurable
Whether you want a robust alternative to internally developed spreadsheets, to demonstrate compliance and achieve certification against standards or to implement a comprehensive Enterprise Risk Management solution you will find STREAM quick and easy to configure to your specific requirements.
Robust, Secure & Scalable
Start with our free single-user version as a proof-of-concept then extend to your team and Enterprise-wide. Sophisticated user-management restricts visibility of risks, controls, incidents and actions to those with appropriate permissions. Managers can see summary views with drill-down to the detail.
Benefits
More efficient GRC processes
Fewer business disruptions
Better targeting of resources
Greater assurance
Low cost of ownership
Enhanced reputation
© Acuity Risk Management LLP 2013
Risk Management
STREAM is very easy-to-use yet provides valuable business information about your risk status. You can see at a
glance where current levels of residual risk exceed tolerance and risk appetite.
Managers with responsibility for different business units can easily track the material risks to their business objectives
and the risk responses. This information is instantly available Enterprise-wide (subject to user permissions) providing
aggregate views and comparison across the business.
You can define your own risk assessment schemes for different types of risk, such as Confidentiality, Integrity, Availability (CIA) for information risks.
Risk Registers display all of the material risks relating to a specific business unit, line of business, process, system, application or project.
Risk Registers can be aggregated to a regional, business area, technical, programme or other grouping and from there to the Enterprise level.
You can drill down to see mitigating controls.
You can track the health of important risk mitigating controls and see how the performance of these controls affects residual risk status.
Actions can be raised, allocated to owners and their status tracked through the STREAM workflow.
Risk Reporting
STREAM can analyse data from both real-time feeds and user inputs to provide easy to use, real-time management
dashboards and reports. Risk-related reports include Top 10 risks, Residual Risk Summary, Risk History, Risk
Treatment Report and Return-on-Investment, plus drillable Risk Registers with comparison against Risk Appetite.
Compliance Management
You can easily configure STREAM with control standards and then measure and report on your compliance
status. Compliance data can be input to STREAM directly by users, via off-line questionnaires or imported from
feeder applications.
Users can raise and allocate improvement actions and track the status of these using
STREAM workflow. By integrating compliance management and risk management, STREAM allows you to see how
your compliance status influences your risk status, with weak compliance for critical assets resulting in high levels
of residual risk. You can record incidents and near-misses and link these to risks and controls, raising improvement
actions as necessary.
An optional Control Approver role allows control assessments to be independently verified and approved.
STREAM workflow keeps track of when assessments and approvals are due.
Actions can be raised against risks, controls and events and allocated to Owners.
STREAM workflow alerts action owners and reminds them when target dates are approaching.
As improvement actions are completed, compliance assessments can be updated and new compliance and
associated risk status reports and dashboards are instantly available.
Compliance Reporting
STREAM can analyse data from both real-time feeds and user inputs to provide easy to use real-time management
dashboards and reports. Compliance-related reports include Control Status, Control History, Statement of
Applicability, Control Approval Status, Incident Status, Action Status plus drillable dashboards and
Control Assessment screens filtered by controls that you own, assess or approve. Data can be exported to MS
Excel for further analysis or reporting.
Incident Management
You can log incidents and near-misses, record impacts, link to threats and controls, attach relevant documents and raise remediation actions.
Statistics on frequency and severity of incidents can be used to refine and improve risk assessments.
Graphical reporting shows current and historical status.
Acuity Risk Management
Acuity Risk Management LLP is a specialist provider of Governance, Risk and Compliance (GRC) software solutions and related services.
Acuity’s consultants have implemented risk management processes and software solutions for hundreds of organisations in every major business sector.
STREAM is the result of this collective experience and the market need for ‘easy to use’, configurable risk management solutions that provide valuable actionable intelligence.
For further information on STREAM or Acuity Risk Management please contact us at [email protected] or visit our website:
Configure your own STREAM GRC Solution
Use STREAM instead of spreadsheets to build and pilot your own GRC tool
STREAM scales seamlessly from single-user to multi-user Enterprise wide GRC
Technology
STREAM was designed as a configurable framework meaning that it can be configured to meet your specific need quickly and easily. Configurable items include:

Flexible, unlimited, hierarchical model for risk and compliance aggregation, drill-down and reporting views

Risk assessment and control assessment schemes and measurement criteria

Threat lists, control standards, asset classes, dependencies and mappings

Risk categories and Incident types

Control approval and risk acceptance criteria

Email alerting

Thresholds, colour schemes and settings

Import and export of data to third party tools.

Pre-configured content can be downloaded from our on-line store and uploaded to your STREAM system or you can use the STREAM Content Builder to quickly and easily add your own content.
STREAM is a robust, scalable, high-performance MS Windows SQL Server application which can be implemented on your own network or via our hosted ‘Software as a Service’ solution.
User access can be provided via web browser, mobile devices (including iPad, iPhone, Android) and thin client.