RiskSafe Assessment

Published under Risk Management

Product identity card

General information
Basic information to identify the product

Method or tool name : RiskSafe Assessment
Vendor name : Platinum Squared
Country of origin : United Kingdom


Level of reference of the product
Details about the type of initiator of the product

Private sector organization / association : Foreign and Commonwealth Office

Private sector organisation/association: Siemens Enterprises



Identification
Specify the phases this method supports and a short description

R.A. Method phases supported

  • Risk identification: RiskSafe Assessment supports a proven approach to business impact assessment and threat and vulnerability assessment.
  • Risk analysis: RiskSafe Assessment is fully in line with the approach set out in ISO 27005.
  • Risk evaluation: The risks are stated on a scale of 1 – 7.

    R.M. Method phases supported

    • Risk assessment: The risks identified in the risk analysis part of the method are used to identify which controls are appropriate to meet those risks.
    • Risk treatment: RiskSafe Assessment is capable of producing a report which shows precisely which risks each control is designed to combat.
    • Risk acceptance: RiskSafe Assessment allows reviewers to record precisely both which actions are going to be taken to address any observed weaknesses and which risks are going to be accepted.
    • Risk communication: Because RiskSafe Assessment is a web-based package, all those people who have been authorized to monitor or record the results of the risk assessment can do so.

      Brief description of the product

      RiskSafe Assessment provides ‘cloud based’ risk assessment software with a comprehensive range of risk assessment facilities that are fully compliant with ISO 27001 and ISO 27005 and that address tasks such as:

      • Business Impact Assessment (BIA)
      • Identifying and assessing threats and vulnerabilities
      • Assessing levels of risk
      • Identifying required and justified controls on the basis of the risk assessment.

      Lifecycle
      Date of the first edition, date and number of actual version

      • Date of first release : September 2012
      • Date and identification of the last version : September 2012 - Version 1.0

      Useful links
      Link for further information

      Official web site : www.risksafe.co.uk
      User group web site : N/A
      Relevant web site : N/A



      Languages
      List the available languages that the tool supports

      Availability in European languages : English


      Price
      Specify the price for the method

      • Price: RiskSafe is supplied as a Software as a Service (SaaS) solution.  Users are charged on a Per User Per Month basis. Please submit an enquiry through the RiskSafe web site for further details of the costs.
      • Updating Fee: The software will be maintained as part of the SaaS solution.  There are no additional maintenance or updating fees.


      Scope

      Target organisations
      Defines the most appropriate type of organisations the product aims at:

      • Government, agencies
      • Large companies
      • SME
      • Commercial companies
      • Non commercial companies

        Specific sector : N/A


        Geographical spread
        Information concerning the spread of this tool

        Used in EU member states : UK
        Used in non-EU member states : Not yet


        Level of detail
        Specify the target kind of users

        • Management
        • Operational
        • Technical

        License and certification scheme
        Specify the licensing and certification schemes available for this method

        Recognized licensing scheme : Yes
        Existing certification scheme : Yes



        Users viewpoint

        Skills needed
        Specify the level of skills needed to use and maintain the solution

        • To introduce: No particular skills or facilities, other than an Internet connection, are required to start using RiskSafe Assessment
        • To use: RiskSafe has a simple user interface that enables authorised people with a range of roles to view or update information held in the reviews.
        • To maintain: Simple maintenance activities, such as adding new countermeasures, can be carried out by the person defined as the ‘Administrator’ within the software. More complex maintenance, such as introducing new reports or screens, would require additional support.

        Consultancy support
        Specify the kind of support available

        Consultancy: RiskSafe Assessment can be used by any company, organisation or individual. Consultancy support is available if requested, but it is not a requirement in order to be able to use the software.


        Regulatory compliance
        There is a given compliance of the product with international regulations

        It is possible to integrate the results of the risk assessment with the requirements set out in a range of standards, guidance documents or other sets of requirements.

        In particular, RiskSafe Assessment users will be supplied with a spreadsheet which maps the results of risk assessment against the Payment Card Industry’s Data Security Standard (DSS).



        Compliance to IT standards
        There is a compliance with a national or international standard

        RiskSafe Assessment has been designed to support organisations seeking to demonstrate compliance with or achieving certification against ISO 27001.  In particular it is fully compatible with the guidance about how risk assessments should be conducted set out in ISO 27005.

        The results of the risk assessment can then be exported in a form that allows them to be mapped against a range of other IT Security Standards and policies including:

        • ISO 27001
        • HMG Security Policy Framework and its Mandatory Requirements
        • The Baseline Control Set defined by HMG
        • PCI DSS
        • PSN Code of Connection
        • SANS Institute Top 20
        • Cloud Security Alliance’s Cloud Controls Matrix

         

          Trial before purchase
          Details regarding the evaluation period (if any) before purchase of the product.

          CD or download available: Users wishing to conduct an evaluation of RiskSafe Assessment can submit an enquiry through the web site.  Prospective users would then be given access to an evaluation account so that they can use the full functionality to confirm how easy it is to use the software.

          Identification required: Yes – A valid email address is required as part of setting up the evaluation

          Trial Period: 30 Days



          Maturity level of the Information system
          The product gives a means of measurement for the maturity of the information system security

          It is possible to measure the I.S.S. maturity level: It is possible to measure the maturity level of an organization by extending the result of the risk assessment to a comparison with the levels set out in the Information Assurance Maturity Model (IAMM) published by the UK’s Cabinet Office



          Tools supporting the method
          List of tools that support the product

          Non commercial tools

          • N/A

          Commercial tools

          • RiskSafe Assessment software


          Technical integration of available tools
          Particular supporting tools (see C-7) can be integrated with other tools

          Tools can be integrated with other tools: The results from RiskSafe Assessment can be exported as an XML file. If other tools are capable of generating an XML file in the expected format then it can be imported into RiskSafe Assessment.


          Organisation processes integration
          The method provides interfaces to existing processes within the organisation

          Method provides interfaces to other organisational processes: Allowing greater access to the risk assessment provides an opportunity to improve the integration of risk assessment into the change management processes.


          Flexible knowledge databases
          It is possible to adapt a knowledge database specific to the activity domain of the company.

          Method allows use of sector adapted databases: Contact Platinum Squared to discuss options in this area.
