Linking Standards to Standards/Regulations is one of the newest features in RM Studio v5.2, now available on our download page.
The v5.2 release comes after an unusually long break between our last release and this new one. But our commitment to 3 – 4 releases per year is back on track.
We have been working on a ground-breaking advancement for risk management, and our development resources were committed to that expansive project to ensure we got off to a great start.
At this time we can’t provide any more details than we already have about the new project. More details will be coming very soon, but suffice it to say we are transitioning the software from an asset-to-risk based approach to a more systems-process based analysis.
New features:
- Added the ability to link Standards to Standards/Regulations so risk managers can assign related controls from one Standard (ISO 27001 Annex A) to the controls of another Standard (NIST 800-53). In the Risk Assessment, assigning the status of implemented for a control from one standard will also assign the status of implemented for any linked controls of the other standards.
- Predefined mappings between Cloud Controls Matrix 3.0.1 and ISO 27002:2013 for users who have both standards licensed and deployed.
- A new report, Control Implementation Comparison, to support the control-to-control mapping. It uses the new related controls mapping to check the implementation of a related standard against the other standard’s implementation status from the Risk Treatment.
- In the Gap Analysis it is now possible to assign the Justification text and Implementation date to multiple controls at the same time with one action.
Improvements/General changes:
- Updated the Risk Treatment reload functionality. Reloading changes from Gap Analysis or Risk Assessment now updates the Risk Treatment only with the changes made since the last reload.
- Added the ability to link an existing Risk Treatment to a different Gap Analysis or Risk Assessment.
- Improved user interface layout and text in a few places (Import Dialog, Create Risk Treatment Dialog, Asset Information).
- It is now possible to manually add and remove risks from Risk Assessment risk tasks. Previously the list of task risks was automatically populated based on the risk owner and could not be modified by the user.
- Risk treatments containing a large number of risks should now save and load much faster.
- Added columns “Modified” and “Modified By” to the Risk Treatment list, which display information for the latest modification to the Risk Treatments.
- Updated ISO 27001:2013 and ISO 27002:2013 text with changes made in Cor1:2014 and Cor2:2015
Bug fixes:
- Fixed a bug where HTML tags were shown in text in a few reports
- Fixed a bug where it was possible to send an email notification for a newly created unsaved task, resulting in an invalid web URL
- Fixed a bug where the Risk Treatment reload button was enabled in the list details view. The reload button should only be enabled in the full view.
- Fixed a bug causing a potential crash when editing Risk Profile risk criteria
Technical:
- Increased the minimum .NET version requirement to 4.5.2