Rsam’s 7th generation Enterprise Governance, Risk and Compliance (GRC) platform integrates business criticality, regulatory assessment data, vulnerabilities and findings, enabling organizations to gain enterprise wide risk visibility, oversight and assurance. The Rsam GRC Platform’s technology blends an intuitive multi-user interface with practical, best-of- breed risk and compliance methodology and content. The result is a repeatable and sustainable risk management process that reduces costs, improves business performance, and provides enterprise wide risk visibility. The Rsam GRC Platform is comprised of four components which can be used individually or in any combination to configure your own GRC applications / uses-cases or leverage out-of-the-box Rsam solutions in areas such as Assessments, Audit, Compliance, Enterprise Risk, Incident Management, Issues & Remediation Tracking, Policy Management & Exceptions, Threat & Vulnerability Management and Vendor Risk. Data Sheet Key Features Whitepapers

The Rsam Framework is an open and adaptable, quickly adapting to any client situation and environment. It acts as the utility to power all Rsam’s GRC use-cases seamlessly and integrates with other enterprise applications and data sources. The Rsam Framework is feature rich and includes the following main components: Foundation Services incorporating features such as LDAP integration, SSO, a flexible scoring system, dynamic workflow, automated e-mail notifications, E-mail Listener, and more… Data Import/Exports Rsam allows for quick and easy import of existing assessment results, questionnaires, asset inventories, threats, and vulnerabilities allowing users to import /export data from Excel spreadsheets, delimited files, and ODBC connections (for databases such as SQL, Access, and Oracle). An intuitive import GUI allows customers to map data elements to customizable Rsam fields while checking for integrity and redundancy. Rsam’s import interface is a superior way to integrate with a variety of external data sources with no need for complex APIs Risk Analytics Engine assists organizations in creating dynamic rules that maximize their ability to “intelligently” manage the risk and compliance processes. Rsam Risk Analytics provide a high degree of automation in managing data and workflow where organizations can create dynamic rules to specify their own unique handling requirements easily and on-the-fly. Reporting, Dashboards and Search Rsam has been optimized to provide details and summary reports that are relevant at all levels of the organization including technical, managerial and executive level reports. Leverage Rsam’s unique Drag & Drop Dashboard Builder to create dashboards in seconds.

Content Library and Architecture leverages the maturity of the Rsam platform to enables intelligent organization of content. Over the years careful consideration has been given to formulate content that is comprehensive, user-friendly and can be automated. As our content architecture evolved through experiences with our many marquee customers, Rsam's library of content templates continues to grow. Rsam's content design takes into considerations important elements such as: Rsam's content design takes into considerations important elements such as: Comprehensive library of controls includes thousands of controls based on various standards and cross-mapped with many regulations/compliance areas. Each control has default weights, controls levels and other related data. Each control is also mapped to its target assessment areas. Content mapped across multiple compliance standards. Each Rsam control is cross- mapped to standards, regulations and compliance areas; each mapping can be viewed and modified easily. Organizations can also cross-map Rsam’s existing controls to their own custom compliance domains. Import pre-existing controls or create your own surveys / questionnaires from Excel, delimited files or from any ODBC-compliant data source such as Access, SQL server etc. Use Rsam’s simple administrative GUI's to create custom assessments in a matter of minutes. Perform intelligent and automated risk-control analysis. The Rsam Content Architecture is designed to keep the data gathering simple for the end user, but allow for intelligent and automated analysis. Minimum control requirements can be set when certain situations exist, thereby allowing for compliance-specific analysis. The Survey Engine allows you to choose from an entire library of standard templates, customize your own surveys/questionnaires or a combine both options for a uniquely customized experience. Rsam also allows for import of existing questionnaires from common data sources (Excel, databases, XML and text delimited files). Customers can easily map the data to internal or external regulations and standards or policies and procedures. Pre-populated, out-of-the-box surveyswhile Rsam can be pre-populated with comprehensive libraries of pre-mapped controls/questionnaires, these surveys are also easy to modify to accommodate your particular needs. Additionally, Rsam also allows you to import your own existing questionnaires - and easily map the data to other content within the system. New customized surveys can be created instantly within a couple of clicks! User- friendly, intuitive interface provides an optimal mix of efficiency and simplicity that best matching the users skill set. The Quick Survey option, ideal "non-computer savvy" personnel, auto-navigates users to the questions they need to answer, eliminating unnecessary work. Other more sophisticated surveys interfaces provide feature rich functionality for the Rsam power users. Context-driven questionnaires Based on the response to an initial survey/questionnaire, Rsam has the ability to dynamically create and assign additional surveys/questionnaires to appropriate users. This innovative feature allows organizations to address special circumstances appropriately (when certain conditions apply) without unnecessarily burdening all participants with irrelevant surveys/questionnaires. Fact-based data gathering and analysis Rsam utilizes fact-based Surveys/Questionnaires structured in a customizable multiple-choice, question and answer format to minimize data gathering efforts, increasing accuracy and provide data accountability. Advanced survey workflow features Cascading control questions provide the ability to nest related control questions in lists using multiple levels of hierarchy. The auto-answer feature allows the end-user to take full control of questionnaires enabling survey responses to automatically trigger answers to other related questions eliminating redundant response tasks.

Findings Technology allows organizations to record, track and report on (non-survey based) information as it relates to assessments, issue tracking, incidents, risk management, compliance, policy exceptions & audit data within a highly flexible structure. Dynamic Structure & Hierarchy Define and configure your own data structure, hierarchy and custom fields. Organize various risk and compliance data into purpose-driven “Findings” categories that allow for better data gathering, management, and reporting. Customizable Forms Designer Create any number of custom fields (text, drop-down, multi- select, date, etc.) and organize such fields on a form using a drag-and-drop mechanism Comprehensive Remediation (POAMs) Management document and track all of the various remediation opportunities identified during the assessment process. Record a Plan of Actions & Milestones for remediation at the control, system or organizational level. Custom Scoring Use Rsam's default scoring system or adjust custom scoring weights and calculations based on your unique scoring algorithm and metrics. Integration with Survey-Based Data Integrate Findings data with Rsam's survey-based data to create a single, unified picture for the entire organization.