Rsam is highly adaptable risk & compliance management software that meets the requirements of virtually any risk & compliance assessment initiative. Rsam is carefully designed to be deployed out-of-the-box in most situations, yet provides extensive and easy customization capabilities to accommodate a client's specific needs without prohibitive consulting costs. All Rsam solutions are designed to take advantage of a wide variety of road-tested control templates, allowing enterprise organizations to rapidly deploy their risk assessment & compliance initiatives. These solutions can be used individually or combined to provide a powerful, holistic view of risk & compliance across many areas within an organization. All Rsam solutions also benefit from the rich features of the Rsam Technology Platform, including custom web-based surveys, dynamic workflow, automated e-mail notification, customizable scoring, interactive reporting, remediation tracking and more.
Assessments have always required a careful mixture of technical expertise and executive thought leadership. Traditional assessment solutions that focus only on simple vulnerability probing cannot provide the depth of information required to make responsible compliance decisions. At the same time, pure top-down "high level" assessment approaches have proven to be of little use in guiding the actions of hands-on staff. Rsam's methodology and technology have been designed to harmonize executive goals and compliance requirements with the vital compliance details. Our policy-driven analysis engine takes input at the highest level of an organization and translates it into a detailed guide for safeguarding individual objects and controls. At the same time, the individual details of risks and controls for disparate objects are translated back to the executive level to show where the organization is succeeding and where it is failing to meet its compliance needs. Together, this generates an effective top-to-bottom view of risk and compliance within the organization that is meaningful at every level.
Assessments center on the evaluation of individual assets or targets known as 'objects'. Depending on the assessment scope, an object might be an application, site, vendor, process or any asset that represents some level of criticality to the organization. The goal is to find these objects, calculate their criticality & risk, record their vulnerabilities & controls, and score them. An initial set of objects is defined in Rsam either via data import or via distributed data entry. Users are then assigned to answer specific questionnaires concerning the criticality and control of their assigned objects. When users log into the Rsam interface they are presented with simple dashboards showing their assigned tasks and the status of their questionnaires. Clicking on a particular task directs the user to the appropriate questionnaire page, where a highly intuitive GUI walks them through each assigned question. At the completion of a questionnaire, the process can be passed to other users for review or additional input. All such actions are tracked, and progress reports and administrator dashboards provide constant progress updates.
At the completion of an assessment, object scores are calculated using the minimum required safeguards derived from each object's individually calculated criteria. Users are then given a simple directive: lower the object's risk score either by correcting the gap issues or by providing adequate justifications. Reports provide guidance to help users determine where the most effective controls could be put in place to achieve this goal. Behind the scenes, Rsam provides the calculations and methodologies needed to qualify & quantify risk according to an organization's unique requirements, and presents an accurate picture, built on consistent information, that serves as the basis for informed decision making.
While a survey/questionnaire-based assessment program is a good first step, it is only one piece of the puzzle. In addition to data gathered via surveys, assessment data also comes from other sources: onsite visits/walk-throughs, interviews/discussions, and automated tools or feeds that may already exist within an organization. All such ad hoc data can be recorded in Rsam and integrated with the survey-based data to give a complete picture of an assessment.