What kind of support do RM Studio users receive after purchase?
The RM Studio Team’s main focus is to ensure customer satisfaction. After you purchase RM Studio for your organization, we will support you with the installation and database setup. We also provide a basic instructional demonstration of up to one hour, and additional training is available for purchase. Throughout the life of the license you are welcome to contact us for additional support, because we want you up and running at all times.
Is RM Studio a web-based solution?
RM Studio is a client-server database system. It is certified Microsoft-compatible software, and the database can operate on a server, in an Azure cloud, or as a local database.
What is the ideology of RM Studio?
RM Studio is modular software that attempts to take a holistic approach to risk management. The Risk Assessment Module comes with a comprehensive asset library and a threat library. In addition, a variety of standards can be implemented and used within the risk management software. The Business Continuity Module gives the user the opportunity to use the results of risk assessments when creating business continuity plans. Other modules in the pipeline include Audit, Processes and Policy documents. Check out our blog post on the Ideology of RM Studio.
How does RM Studio assist users in obtaining ISO 27001 certification?
RM Studio’s methodology is based on the risk management needs of compliance with ISO/IEC 27001. RM Studio guides users through the risk management process outlined in the ISO/IEC 27001 Information Security Standard. Users begin the process by identifying business entities, contacts and assets unique to the organization. From there, users link assets to threats with the comprehensive asset category library. RM Studio is equipped with 150 threats, reducing the guesswork for users and simplifying the risk management process. RM Studio can be purchased with the ISO/IEC 27002 Implementation Guidelines, again simplifying the process and reducing the total cost of the certification process.
The RM Studio: Assessment and Treatment Module utilizes the information entered by the user, the embedded libraries and standards, as well as two evaluation templates, based on ISO/IEC 27005 methodology to assess risk in the risk assessment step. Users are prompted to select a business entity and associated assets. From there, RM Studio automatically connects the associated risk to the assets based on the selected category. This automation through the evaluation templates and interconnection of assets to threats dramatically reduces the time spent on the risk assessment process.
The next step within RM Studio: Assessment and Treatment Module is the Gap Analysis. With the ISO/IEC 27002 Implementation guide embedded in the software, users can review the necessary controls and define their current implementation status. The Implementation Guides regarding the controls are linked to the specific controls and RM Studio provides a stellar overview of the user’s implementation status.
The final step in the RM Studio: Assessment and Treatment Module is the risk treatment process. Here RM Studio implements all of the information from the user, and utilizes the results of the risk assessment and gap analysis to develop a risk treatment plan. Users are provided with a base security risk, current security risk, and future security risk. The risk treatment step allows users to outline their treatment plan with the information RM Studio produces. Future control implementation dates can also be set.
The RM Studio: Assessment and Treatment Module comes equipped with 11 reports which can be utilized during the certification process. Reports include the Statement of Applicability and a one page executive summary, among others.
Does RM Studio address financial risk?
No, currently RM Studio is developed and equipped to manage operational risk of all kinds. We are currently working with the University of Reykjavik to develop a financial risk management module for RM Studio.
Does RM Studio address reputation risk?
Yes, RM Studio can be customized by users to address operational risk of all kinds. Reputation can be managed as a specific business entity or as the aggregate risk management process within RM Studio. See our article on reputation risk management for more information.
Does the RM Studio Team provide technical support for users?
Yes, RM Studio’s customer service team is here to help. We can assist you with technical issues regarding the SQL database, installation, updates, and other troubleshooting. For more information, contact us at firstname.lastname@example.org.
Does RM Studio offer consulting?
Yes, our team of risk management professionals can work with you to develop a service plan based on your organization’s unique needs. For more information, contact us at email@example.com.
Is it possible to create my own evaluation templates?
Yes, many of our customers create their own evaluation templates to meet their unique risk management needs. RM Studio has been designed to be scalable and flexible to accommodate customer requirements and their changing needs. The software comes with default predefined evaluation templates to help users get started in risk assessment. If you have any questions regarding this process, please contact our customer support at firstname.lastname@example.org.
Is RM Studio suitable for different industry sector needs?
Yes, RM Studio’s versatility enables users in all industry sectors to manage their specific governance, risk and compliance requirements. RM Studio is used by all types of organizations on a global scale.
How does RM Studio manage residual risk?
Our user manual provides an overview on residual risk in RM Studio.
Is RM Studio a risk analysis tool?
Yes, RM Studio is a risk analysis tool. RM Studio comes equipped with a threat library and a comprehensive asset category library. Further, RM Studio comes with two evaluation templates “out-of-the-box” in order to assist users in the process of risk analysis. We understand that the needs are unique for each user regarding risk analysis. RM Studio users experience different threats and risks in their businesses. The methodology and functionality of RM Studio give users the necessary flexibility to define their own risk analysis procedure and implement knowledge-based libraries and appropriate standards according to their needs.
What are business continuity plans?
The goal of business continuity management is to protect critical business processes from the effect of major failures or disasters. With integrated measures through prevention and error recovery, the effects of disruptions and crises are reduced to an acceptable limit. Business continuity plans are an integral part of business continuity management. Such plans include categorizing operations by importance as well as specifying parties with well-defined roles during emergencies, actions to be performed in order to recover operations in a timely fashion, and regular testing. Business continuity plans need to be reviewed regularly to remain valid. Further, business continuity management is a component of information security management in accordance with international standards in this field. RM Studio can be equipped with a Business Continuity Management Module. Business continuity plans are also called disaster or contingency plans.
What is certification?
Certification is confirmation by a third party that operating procedures comply with stated criteria. An organization can be certified in part or in whole. The scope of the operations to be certified must be known, and the certification is limited to those activities. Certification is accredited if the certifying party has been validated by a government-recognized accreditation body. One example of such a government-recognized accreditation body is the United Kingdom Accreditation Service (UKAS). The British Standards Institution in London, which has a branch in Iceland, is an accredited certification body. Certification is not accredited if the certification body itself has not been validated by a government-authorized accreditation body. For example, Vottun hf. in Iceland is not an accredited certification body.
What does data traceability mean?
In all software, it is important that developments and changes in data can be examined. This applies particularly to software used in risk and quality management. In software offering traceability, the following needs to be recorded as a minimum upon each change to data:
* Who made the change
* The status of the data before the change
* The status of the data after the change
* When the change took place
* The effects of the change on individual parts of the system or the system as a whole
Data traceability is a key component in RM Studio.
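The five items above map directly onto an append-only change log written in the same transaction as the change itself. The following is an added example, not RM Studio's own code or schema; the table names, column names and functions are hypothetical, and the sample asset and risk rows are constructed.

```python
import json
import sqlite3
from datetime import datetime, timezone

# Hypothetical schema: assets in a risk register and the risks linked to them.
SCHEMA = """
CREATE TABLE asset (id INTEGER PRIMARY KEY, name TEXT, value INTEGER);
CREATE TABLE risk (id INTEGER PRIMARY KEY, asset_id INTEGER, title TEXT);
CREATE TABLE change_log (
    id INTEGER PRIMARY KEY, changed_by TEXT NOT NULL, changed_at TEXT NOT NULL,
    before_state TEXT NOT NULL, after_state TEXT NOT NULL, affected TEXT NOT NULL);
-- The log is append-only: edits and deletes of trace records are rejected.
CREATE TRIGGER change_log_no_update BEFORE UPDATE ON change_log
BEGIN SELECT RAISE(ABORT, 'change_log is append-only'); END;
CREATE TRIGGER change_log_no_delete BEFORE DELETE ON change_log
BEGIN SELECT RAISE(ABORT, 'change_log is append-only'); END;
"""

def open_db():
    """In-memory database seeded with constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO asset VALUES (1, 'Customer database', 3)")
    db.execute("INSERT INTO risk VALUES (10, 1, 'Unauthorized access')")
    db.commit()
    return db

def update_asset_value(db, user, asset_id, new_value):
    """Change an asset and write its trace record atomically."""
    with db:  # commits both statements or rolls both back
        row = db.execute("SELECT name, value FROM asset WHERE id=?",
                         (asset_id,)).fetchone()
        if row is None:
            raise KeyError(asset_id)
        before = {"name": row[0], "value": row[1]}   # status before the change
        after = dict(before, value=new_value)        # status after the change
        db.execute("UPDATE asset SET value=? WHERE id=?", (new_value, asset_id))
        # Effects on other parts of the system: risks linked to this asset.
        affected = [f"risk:{r[0]}" for r in db.execute(
            "SELECT id FROM risk WHERE asset_id=? ORDER BY id", (asset_id,))]
        db.execute(
            "INSERT INTO change_log (changed_by, changed_at, before_state,"
            " after_state, affected) VALUES (?,?,?,?,?)",
            (user, datetime.now(timezone.utc).isoformat(),  # who and when
             json.dumps(before), json.dumps(after), json.dumps(affected)))

def trace(db):
    """Return (who, when, before, after, affected) for every recorded change."""
    return [(r[0], r[1], json.loads(r[2]), json.loads(r[3]), json.loads(r[4]))
            for r in db.execute("SELECT changed_by, changed_at, before_state,"
                                " after_state, affected FROM change_log ORDER BY id")]
```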
What is an information security management system (ISMS)?
An information security management system (ISMS) is part of an organization’s overall management system. It is intended to maintain information security. The ISMS extends to the organization’s activities and customer relations. It covers a company’s organization chart, its policies, internal structure, division of responsibilities, work routines, procedures, processes and resources.
The scope of an ISMS can include an organization’s total operations or specific parts of its activities. The ISMS needs to cover the information systems, including assets, services and software, used in the operations specified under the defined scope.
What is an information system?
An information system includes the data collection and a data processing system that together form an integrated system for the storage and use of information. Information systems also include personnel, equipment, software, services, funds and other factors in relation to the provision or distribution of information.
What is risk assessment for data processing?
Risk assessment is the total process of risk analysis and risk weighting in accordance with ISO 27001, and the evaluation of risks to data and data processing, their effects, sensitivity to such risks and the probability of occurrence of the risk events. This includes assessment of the risk of an outside party accessing information, altering it or otherwise compromising its security. Risk assessment also covers the scope and results of the risk with reference to the nature of the data being used. The goal of risk assessment is to provide a basis for selecting security measures. Risk assessments are reviewed annually.