RiskSafe Assessment
Product identity card
General information
Basic information to identify the product
Method or tool name : RiskSafe Assessment
Vendor name : Platinum Squared
Country of origin : United Kingdom
Level of reference of the product
Details about the type of initiator of the product
Private sector organization / association : Foreign and Commonwealth Office
Private sector organisation/association: Siemens Enterprises
Identification
Specify the phases this method supports and a short description
R.A. Method phases supported
- Risk identification: RiskSafe Assessment supports a proven approach to business impact assessment and threat and vulnerability assessment.
- Risk analysis: RiskSafe Assessment is fully in line with the approach set out in ISO 27005.
- Risk evaluation: The risks are stated on a scale of 1 – 7.
R.M. Method phases supported
- Risk assessment: The risks identified in the risk analysis part of the method are used to identify which controls are appropriate to meet those risks.
- Risk treatment: RiskSafe Assessment is capable of producing a report which shows precisely which risks each control is designed to combat.
- Risk acceptance: RiskSafe Assessment allows reviewers to record precisely both which actions are going to be taken to address any observed weaknesses and which risks are going to be accepted.
- Risk communication: As a web-based package, RiskSafe Assessment allows all those people who have been authorized to monitor or record the results of the risk assessment to do so.
Brief description of the product
RiskSafe Assessment provides ‘cloud based’ risk assessment software that includes a comprehensive range of risk assessment facilities that are fully compliant with ISO 27001 and ISO 27005 and which address tasks such as:
- Business Impact Assessment (BIA)
- Identifying and assessing threats and vulnerabilities
- Assessing levels of risk
- Identifying required and justified controls on the basis of the risk assessment.
Lifecycle
Date of the first edition, date and number of actual version
- Date of first release : September 2012
- Date and identification of the last version : September 2012 - Version 1.0
Useful links
Link for further information
Official web site : www.risksafe.co.uk
User group web site : N/A
Relevant web site : N/A
Languages
List the available languages that the tool supports
Availability in European languages : English
Price
Specify the price for the method
- Price: RiskSafe is supplied as a Software as a Service (SaaS) solution. Users are charged on a Per User Per Month basis. Please submit an enquiry through the RiskSafe web site for further details of the costs.
- Updating Fee: The software will be maintained as part of the SaaS solution. There are no additional maintenance or updating fees.
Scope
Target organisations
Defines the most appropriate type of organisations the product aims at:
- Government, agencies
- Large companies
- SME
- Commercial companies
- Non commercial companies
Specific sector : N/A
Geographical spread
Information concerning the spread of this tool
Used in EU member states : UK
Used in non-EU member states : Not yet
Level of detail
Specify the target kind of users
- Management
- Operational
- Technical
License and certification scheme
Specify the licensing and certification schemes available for this method
Recognized licensing scheme : Yes
Existing certification scheme : Yes
Users viewpoint
Skills needed
Specify the level of skills needed to use and maintain the solution
- To introduce: No particular skills or facilities, other than an Internet connection, are required to start using RiskSafe Assessment.
- To use: RiskSafe has a simple user interface that enables authorised people with a range of roles to view or update information held in the reviews.
- To maintain: Simple maintenance activities, such as adding new countermeasures, can be carried out by the person defined as the ‘Administrator’ within the software. More complex maintenance, such as introducing new reports or screens, would require additional support.
Consultancy support
Specify the kind of support available
Consultancy: RiskSafe Assessment can be used by any company, organisation or individual. Consultancy support is available if requested, but it is not a requirement in order to be able to use the software.
Regulatory compliance
There is a given compliance of the product with international regulations
It is possible to integrate the results of the risk assessment with the requirements set out in a range of standards, guidance documents or other sets of requirements.
In particular, RiskSafe Assessment users will be supplied with a spreadsheet which maps the results of risk assessment against the Payment Card Industry’s Data Security Standard (DSS).
Compliance to IT standards
There is a compliance with a national or international standard
RiskSafe Assessment has been designed to support organisations seeking to demonstrate compliance with or achieving certification against ISO 27001. In particular it is fully compatible with the guidance about how risk assessments should be conducted set out in ISO 27005.
The results of the risk assessment can then be exported in a form that allows them to be mapped against a range of other IT Security Standards and policies including:
- ISO 27001
- HMG Security Policy Framework and its Mandatory Requirements
- The Baseline Control Set defined by HMG
- PCI DSS
- PSN Code of Connection
- SANS Institute Top 20
- Cloud Security Alliance’s Cloud Controls Matrix
Trial before purchase
Details regarding the evaluation period (if any) before purchase of the product.
CD or download available: Users wishing to conduct an evaluation of RiskSafe Assessment can submit an enquiry through the web site. Prospective users would then be given access to an evaluation account so that they can use the full functionality to confirm how easy it is to use the software.
Identification required: Yes – A valid email address is required as part of setting up the evaluation
Trial Period: 30 Days
Maturity level of the Information system
The product gives a means of measurement for the maturity of the information system security
It is possible to measure the I.S.S. maturity level: It is possible to measure the maturity level of an organization by extending the result of the risk assessment to a comparison with the levels set out in the Information Assurance Maturity Model (IAMM) published by the UK’s Cabinet Office
Tools supporting the method
List of tools that support the product
Non commercial tools
- N/A
Commercial tools
- RiskSafe Assessment software
Technical integration of available tools
Particular supporting tools (see C-7) can be integrated with other tools
Tools can be integrated with other tools: The results from RiskSafe Assessment can be exported as an XML file. If other tools are capable of generating an XML file in the expected format then it can be imported into RiskSafe Assessment.
Organisation processes integration
The method provides interfaces to existing processes within the organisation
Method provides interfaces to other organisational processes: Allowing greater access to the risk assessment provides an opportunity to improve the integration of risk assessment into the change management processes.
Flexible knowledge databases
It is possible to adapt a knowledge database specific to the activity domain of the company.
Method allows use of sector adapted databases: Contact Platinum Squared to discuss options in this area.