RM Studio

Published under Risk Management

Risk Management Studio

Tool Identity Card

General information
Basic information to identify the product

Tool name : RM Studio
Vendor name : Stiki – Information Security
Country of origin : Iceland

Level of reference of the tool
Details about the coverage or the « originators » of the solution

Coverage : World-wide (state oriented, sector oriented), Regional, Local
Supported by organization, club,... (e.g. as sponsor) : N/A

Brief description of the product
Give a brief description of the product containing general information, overview of functions.

Risk Management Studio is a comprehensive toolkit application designed for efficient and effective risk management, by combining the Assessment module with the Business Continuity module providing a holistic approach. RM Studio provides our users with an end-to-end risk management solution ready for immediate deployment in your organization.

Risk Management Studio Features:

  • Importing of existing data for your organization (asset lists, policies, stakeholders)
  • Includes diverse Risk libraries (IT/IS, operational, project, environmental, strategic)
  • ISO/IEC 27001 and Annex A, Security Controls, along with the Implementation Guidelines from ISO/IEC 27002 ready for immediate deployment
  • Step-by-step approach to facilitate certification/ compliance process
  • Includes Gap Analysis, Risk Assessment, Control Effectiveness Assessment
  • RM Studio combines the 3 assessments to create the Risk Treatment with the appropriate suggested controls matched to each risk for mitigation or acceptance
  • Full scale Business Continuity management planner included and connected to the Risk Treatment for a higher concentration of continuity planning
  • Ready for deployment as a turn-key solution or customizable to meet the individual needs of your organization

Supported functionality
Specify the functionality this tool provides.

R.A. Method activities supported

  • Risk identification : Comprehensive risk libraries included (IT/IS, operational, strategic, financial, project)
  • Risk analysis : Risk identification per asset is automatically established under the asset categorization
  • Risk evaluation : Assess the probability and impact of individual risks
  • Evaluation template: Risk Profiles, which includes the evaluation templates, are created for the Risk Assessment
  • Security Roles: Users, Roles, Responsibilities, Access

Other phases

  • Asset inventory & evaluation - Import Asset inventory and evaluate in the risk assessment

R.M. Method phases supported

  • Risk assessment: RM Studio automatically connects the individual threats and vulnerabilities to each asset through the asset categorization
  • Risk treatment : RM Studio combines the Gap, Risk Assessment and Control Effectiveness Assessment into a single Risk Treatment process.
  • Risk acceptance : A risk treatment step within RM Studio that  determines risk acceptance and outlines a plan of action.
  • Risk Communication : SOA, Risk Treatment Residual Risk, Executive Summary, Control Effectiveness, Business Continuity Plan.
  • Gap Analysis: GAP Analysis/Compliance check against a standard such as ISO/IEC 27001 or other deployed standards (9001, 14001, 20000, 22000, 22301, PCI DSS, WLA-SCS, CSA CCM).

Other phases

  • Stakeholder module: This module is a web-based interface used with the client installation of RM Studio allowing many stakeholders to add input into the asset and risk evaluations.
  • Business Continuity Management: RM Studio BCM assists users in developing business continuity plans for their organizations or sectors of the organization

Other functionality

  • Security Model: RM Studio comes with a powerful security model providing user authentication and authorization.
  • Evaluation Templates: RM Studio uses Risk Profiles to establish the asset and risk evaluation templates, as well as set the risk appetite and scoring method.
  • Exportation of data
  • Easy Install: RM Studio uses an installation wizard and intuitive guidelines for an easy install of the application and the database

Information processed

  • Reporting Function: Various reports included and custom user defined reports can be created as requested.
  • Data Exporting : RM Studio provides the option to export data, compiled and created, to Excel, Word, & PDF. All grids/lists in the application can be exported for further processing allowing for Excel experts to create their own reports.

Date of the first edition, date and number of actual version

Date of first release : 2006
Date and identification of the last version : RM Studio v5.1, May 2016

Useful links
Link for further information

Official web site : http://www.riskmanagementstudio.com
User group web site : N/A
Relevant web site :https://www.facebook.com/rmstudiosoftware , http://www.stiki.eu

List the available languages that the tool supports

Languages available : English, German, Icelandic

Pricing and licensing models
Specify the price for the product (as provided by the company on May 2016)

  • Price: € 2990 annually – 2 users, € 500 annually per additional user
  • Sectors with free availability or discounted price : Universities looking to provide tools for risk management as part of a curriculum resource

Trial before purchase
Details regarding the evaluation period of the tool

CD or download available : Request a free trial on www.riskmanagementstudio.com
Identification required : Yes
Trial period : 21 days

Tool architecture
Specify the technologies used in this tool

  • Database: All application and user entered data is stored in a database - MS SQL Server (2008 - 2014)
  • Web Server: A web-based module for stakeholders is available. The Stakeholder module is used for risk and/or asset owners for evaluations.
  • Application Server: MS SQL Server and Microsoft Reporting Server
  • Client: The GUI is an application client using .Net framework

Page top


Target public
Defines the most appropriate type of communities for this tool

  • Government, agencies
  • Large scale companies
  • SME
  • Commercial CIEs
  • Non Commercial CIEs

Specific sector : All organizations public or private that want to maintain an ISMS, conduct a gap analysis for certain compliance issues or implement information security according to standards.

Information concerning the spread of this tool

General information : World-wide in many different organizations
Used inside EU countries : Germany, Netherlands, Switzerland, Portugal, UK, Italy, Latvia, Greece, Norway
Used outside EU countries : U.S.A., Australia, Canada, Mongolia, India, Pakistan, UAE, Egypt

Level of detail
Specify the target kind of people for this tool based on its functionality

  • Management
  • Operational
  • Technical


Compliance to IT Standards
List the national or international standard this tool is compliant with

  • ISO/IEC 27001:2013
  • ISO/IEC 27017:2015
  • ISO/IEC 27018:2014
  • ISO/IEC 20000:2011
  • ISO 22301
  • CSA CCM 3.0.1
  • PCI DSS 3.1

Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard

  • ISO/IEC 27001
  • ISO 22301

Information about possible training courses for this tool

  • Course: ISO/IEC 27001
  • Duration: Varies
  • Skills: Multiple
  • Expenses : Varies

Page top

Users viewpoint

Skills needed
Specify the skills needed to use and maintain the solution

  • To install : Some system administrative knowledge and access to install the application through the step-by-step install wizard with intuitive installation guidelines and database.
  • To use : General knowledge of risk management
  • To maintain : Some system administrative knowledge for database administration (i.e. database backups etc.) and to be able to upgrade application and database upon receiving new versions of software (3-5 per year).

Tool Support
Specify the kind of support the company provides for this product

Support : Online and telephone support.

Organization processes integration
Describe user roles this tool supports

Supported Roles

  • Database Administrator : A MS SQL is supplied with RM Studio and must be connected
  • RM Studio Administrator : Access to all aspects of RM Studio
  • Creator : Can create new items of all types
  • Deleter : Can create new items of all types
  • Modifier : Modify all types and all existing items
  • Reader : List and view all item types but cannot modify them in anyway
  • Super User : Can do complete all actions with the exception of setting security levels/roles
  • User Defined : Users can create roles based on tasks within RM Studio

Intergration in Organization activities

  • N/A

Interoperability with other tools
Specify available interfaces or other ways of integration with other tools


  • Export to : Word, Excel, PDF

Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides

  • MS SQL

Flexibility of tool's database
Can the database be customized and adapted to client requirements?

  • N/A

We use cookies to ensure we give you the best browsing experience on our website. Find out more on how we use cookies and how you can change your settings.

Ok, I understand No, tell me more