Risk Manager for IRAM2

US: +1 651-256-9503UK: +44 208-012-8544Email: sales@surecloud.com www.surecloud.com

DATASHEET

The Challenge

Information risk methodologies provide a structured and consistent end-to-end approach to managing an organization’s information assets within acceptable levels of risk tolerance. IRAM2 is the ISF’s latest methodology for identifying and assessing information risk, which has gained substantial traction with many global Member organizations, due to its holistic nature and rigor.The challenge is operationalizing the methodology, applying and managing it across a large global organization where there are multiple businesses and departments with hundreds of assets of threats without duplicating the work for each.

The Solution

SureCloud has recognized these challenges and has created an application that addresses these issues; SureCloud Risk Manager for IRAM2. The application has been developed in conjunction with key ISF community members and designed with the fundamental objectives of repeatability, effi ciency, and usability in mind.

Individual assessments have been streamlined, and no longer exist as standalone activities. Multiple assessments can run in parallel and changes can be made retrospectively without having to repeat every subsequent step. These are supported by SureCloud’s shared libraries (for example Assets, Threats, and Controls) that will continue to grow over time. Risk Manager for IRAM2 also provides aggregated real-time reporting of information risk on interactive and customizable dashboards.

The Need

Information is critical to all organizations, as such informing key stakeholders of the risk to key information assets is now a business requirement. As adversarial threats continue to evolve and change, there is a greater need for organizations to have a rigorous understanding of the risks to their environment. An ISF member’s need is to identify their critical assets, how they’re vulnerable, prioritize them by risk and then tackle them with an action plan. SureCloud Risk Manager for IRAM2 is the ideal methodology to achieve this in a consistent, structured,

eff ective, proven and documentable way.

Book your demo

To fi nd out more about our GRC Suite, please contact one of our compliance experts or visit our website.

Email: info@surecloud.com

US: +1 651-256-9503UK: +44 208-012-8544Email: sales@surecloud.com www.surecloud.com

The Outcome – Value to the Business

Compliance Manager and ISF SoGP

Together with Compliance Manager, pre-loaded with the ISF Standards of Good Practice or Security Health check, an organization can ensure that its operational controls are appropriate and eff ective for the risks identifi ed using the IRAM2 methodology.

The GRC Suite

Risk Manager for IRAM2 is one of several complementary products in our Governance, Risk and Compliance suite, hosted on the SureCloud platform. SureCloud’s GRC Suite will support the execution of your business strategy and objectives.

© SureCloud Limited 2018. All rights reserved.

SureCloud Platform

ComplianceManager

IncidentManager

AuditManager

SecurityManager

forVendor

Risk

forCSR

AssessmentManager

forOp. Risk

forIRAM2

RiskManager

✔ Centralization: Cloud-based solution for centralized visibility and contribution

✔ Effi ciency: reduces the number of steps to complete an individual assessment in half

✔ Easy setup: new ‘Getting Started’ phase helps organizations to setup shared libraries – such as impact categories, assets, components, threats, attributes, events, controls, and appetite

✔ Enhanced reporting: provides a holistic view of risk across the organization for management

✔ Repeatability: preconfi gured content with established relationships (for example, between threat events and controls)

✔ Real-time: all aggregated data is displayed live using interactive and customizable dashboards

✔ Multi-entity: assessments can be undertaken at any level of the organization across multiple businesses and functions, referencing the same or alternative supporting libraries

✔ Flexibility: retrospective changes to assessments are applied

through all subsequent steps

About SureCloud:

SureCloud provides Governance, Risk & Compliance (GRC) applications and Cybersecurity services that give our customers certainty – of risk management/compliance, of cybersecurity, of having answers today and tomorrow. Established in 2006, SureCloud is headquartered in the United Kingdom and has offi ces in the United States. SureCloud has more than 400 customers throughout the UK and US from the Retail, Financial Services, Government and other sectors. For more information visit www.surecloud.com