Ra2

Tool Identity Card

General information
Basic information to identify the product

Tool name : Ra2
Vendor name : AEXIS
Country of origin : Germany

Level of reference of the tool
Details about the coverage or the « originators » of the solution

Coverage : Local
Supported by organization, club,... (e.g. as sponsor) : N/A

Brief description of the product
Give a brief description of the product containing general information, overview of functionsâ€¦

RRA2 art of risk is a stand-alone tool from AEXIS for Risk Management based on the ISO 17799 and ISO 27001 standards. For each of the steps in this process the tool contains a dedicated step with report generation and printing out of the results. RA2 Information Collection Device, a component that is distributed along with the tool, can be installed anywhere in the organization as needed to collect and feed back information into the Risk Assessment process. AEXIS provides a trial version of the tool.
RA2 art of risk addresses the different steps in the process of establishing and implementing an ISMS, in accordance with the requirements lined out in the international standard ISO/IEC 27001:2005 (previously BS 7799-2:2002). For each of the steps in this process the tool contains a dedicated step with a report generation and printing out of the results. With the tool, it is possible to go through all the steps described in ISO/IEC 27001:2005 and to produce the necessary documentation of the Risk Assessment and Risk Management process.
The functions include leading through the ISMS processes, calculation of risks, automatic carrying forward and updating of results, a detailed Help function and context sensitive help, and further support. Together with the tool RA2 art of risk V1.1 comes the RA2 Information Collection Device, which can be installed anywhere in the organization as necessary to collect and feed back information into the Risk Assessment process.

Supported functionality
Specify the functionality this tool provides.

R.A. Method phases supported

Risk identification: Example list of threats/vulnerabilities
Risk analysis: Risk decision process

Other phases

Asset inventory: Develop an ISMS asset inventory, select from example list, add new

R.M. Method phases supported

Risk assessment
Risk treatment : Suggested controls from ISO 17799, customization
Risk communication : Report generator, print-out facility

Other phases

ISMS Definition: Definition of the scope and business requirements policy and objectives for the ISMS

Other functionality

Information Collection Device: Collect information from different sources within the organization. and feed back in the risk assessment process.
Automated compliance analysis: Automatic produce key documents and reports

Information processed

Reports: Each step contains a report generation

Lifecycle
Date of the first edition, date and number of actual version

Date of first release : 2000
Date and identification of the last version : 2005 - v1.1

Useful links
Link for further information

Official web site : http://www.aexis.de/RA2ToolPage.htm
user group web site : N/A
Relevant web site : http://www.bsi-global.com/Risk/InformationSecurity/bip0022.xalter

Languages
List the available languages that the tool supports

Languages available : English(?)

Pricing and licensing models
Specify the price for the product (as provided by the company on December 2005)

£ 1100 (plus VAT) v1.1
£ 200 (plus VAT) upgrade to v1.1

Sectors with free availability or discounted price : N/A

Trial before purchase
Details regarding the evaluation period of the tool

CD or download available : Demo Download
Identification required : No
Trial period : -

Tool architecture
Specify the technologies used in this tool

Application: Stand alone application, Installed in single machine
Information Collection Device: Collect information from different sources and provide as input to the tool, Multiple Installations in the organization / company

Page top

Scope

Target public
Defines the most appropriate type of communities for this tool

Large scale companies
SME
Commercial CIEs
Non commercial CIEs

Specific sector : N/A

Spread
Information concerning the spread of this tool

General information : Applied around the world
Used inside EU countries : France, Germany, Sweden, UK
Used outside EU countries : Australia, Brazil, Canada, Japan

Level of detail
Specify the target kind of people for this tool based on its functionality

Management : N/A
Operational : N/A
Technical : N/A

Compliance to IT Standards
List the national or international standard this tool is compliant with

Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard

Training
Information about possible training courses for this tool

Course : N/A

Page top

Users viewpoint

Skills needed
Specify the skills needed to use and maintain the solution

To install : Easy to install
To use : help assistant, built in checklists, fully worked thought example
To maintain : Stable, no need for regular updates

Tool Support
Specify the kind of support the company provides for this product

Support : N/A

Organization processes integration
Describe user roles this tool supports

Supported Roles

Intergration in Organization activities

Interoperability with other tools
Specify available interfaces or other ways of integration with other tools

Import/Export (application specific): Information Collection Device
Export to CSV: Spreadsheet applications (e.g. Excel)

Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides

Flexibility of tool's database
Can the database be customized and adapted to client requirements?

Assets/Threats/Vulnerabilities list: Customization of the list, define new
Controls list: Select 2000 or 2005 version list, identify additional controls

Browse the Topics