Risk Management Studio
Tool Identity Card
Basic information to identify the product
Tool name : RM Studio
Vendor name : Stiki – Information Security
Country of origin : Iceland
Level of reference of the tool
Details about the coverage or the « originators » of the solution
Coverage : World-wide (state oriented, sector oriented), Regional, Local
Supported by organization, club,... (e.g. as sponsor) : N/A
Brief description of the product
Give a brief description of the product containing general information, overview of functions.
Risk Management Studio is a comprehensive toolkit application designed for efficient and effective risk management. It combines the Assessment module with the Business Continuity module to provide a holistic approach. RM Studio provides our users with an end-to-end risk management solution ready for immediate deployment in your organization.
Risk Management Studio Features:
- Importing of existing data for your organization (asset lists, policies, stakeholders)
- Includes diverse Risk libraries (IT/IS, operational, project, environmental, strategic)
- ISO/IEC 27001 and Annex A, Security Controls, along with the Implementation Guidelines from ISO/IEC 27002 ready for immediate deployment
- Step-by-step approach to facilitate certification/compliance process
- Includes Gap Analysis, Risk Assessment, Control Effectiveness Assessment
- RM Studio combines the 3 assessments to create the Risk Treatment with the appropriate suggested controls matched to each risk for mitigation or acceptance
- Full scale Business Continuity management planner included and connected to the Risk Treatment for a higher concentration of continuity planning
- Ready for deployment as a turn-key solution or customizable to meet the individual needs of your organization
Specify the functionality this tool provides.
R.A. Method activities supported
Risk identification : Comprehensive risk libraries included (IT/IS, operational, strategic, financial, project)
Risk analysis : Risk identification per asset is automatically established under the asset categorization
Risk evaluation : Assess the probability and impact of individual risks
- Evaluation template: Risk Profiles, which includes the evaluation templates, are created for the Risk Assessment
- Security Roles: Users, Roles, Responsibilities, Access
Asset inventory & evaluation - Import Asset inventory and evaluate in the risk assessment
R.M. Method phases supported
Risk assessment: RM Studio automatically connects the individual threats and vulnerabilities to each asset through the asset categorization
Risk treatment : RM Studio combines the Gap, Risk Assessment and Control Effectiveness Assessment into a single Risk Treatment process.
Risk acceptance : A risk treatment step within RM Studio that determines risk acceptance and outlines a plan of action.
Risk Communication : SOA, Risk Treatment Residual Risk, Executive Summary, Control Effectiveness, Business Continuity Plan.
- Gap Analysis: GAP Analysis/Compliance check against a standard such as ISO/IEC 27001 or other deployed standards (9001, 14001, 20000, 22000, 22301, PCI DSS, WLA-SCS, CSA CCM).
- Stakeholder module: This module is a web-based interface used with the client installation of RM Studio allowing many stakeholders to add input into the asset and risk evaluations.
Business Continuity Management: RM Studio BCM assists users in developing business continuity plans for their organizations or sectors of the organization
Security Model: RM Studio comes with a powerful security model providing user authentication and authorization.
- Evaluation Templates: RM Studio uses Risk Profiles to establish the asset and risk evaluation templates, as well as set the risk appetite and scoring method.
- Exportation of data
- Easy Install: RM Studio uses an installation wizard and intuitive guidelines for an easy install of the application and the database
Reporting Function: Various reports included and custom user defined reports can be created as requested.
Data Exporting : RM Studio provides the option to export data, compiled and created, to Excel, Word, & PDF. All grids/lists in the application can be exported for further processing allowing for Excel experts to create their own reports.
Date of the first edition, date and number of actual version
Date of first release : 2006
Date and identification of the last version : RM Studio v5.1, May 2016
Link for further information
List the available languages that the tool supports
Languages available : English, German, Icelandic
Pricing and licensing models
Specify the price for the product (as provided by the company in May 2016)
Price: € 2990 annually – 2 users, € 500 annually per additional user
Sectors with free availability or discounted price : Universities looking to provide tools for risk management as part of a curriculum resource
Trial before purchase
Details regarding the evaluation period of the tool
CD or download available : Request a free trial on www.riskmanagementstudio.com
Identification required : Yes
Trial period : 21 days
Specify the technologies used in this tool
Database: All application and user entered data is stored in a database - MS SQL Server (2008 - 2014)
Web Server: A web-based module for stakeholders is available. The Stakeholder module is used for risk and/or asset owners for evaluations.
Application Server: MS SQL Server and Microsoft Reporting Server
Client: The GUI is an application client using .Net framework
Defines the most appropriate type of communities for this tool
Large scale companies
Non Commercial CIEs
Specific sector : All organizations public or private that want to maintain an ISMS, conduct a gap analysis for certain compliance issues or implement information security according to standards.
Information concerning the spread of this tool
General information : World-wide in many different organizations
Used inside EU countries : Germany, Netherlands, Switzerland, Portugal, UK, Italy, Latvia, Greece, Norway
Used outside EU countries : U.S.A., Australia, Canada, Mongolia, India, Pakistan, UAE, Egypt
Level of detail
Specify the target kind of people for this tool based on its functionality
Compliance to IT Standards
List the national or international standard this tool is compliant with
CSA CCM 3.0.1
PCI DSS 3.1
Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard
- ISO/IEC 27001
- ISO 22301
Information about possible training courses for this tool
- Course: ISO/IEC 27001
- Duration: Varies
- Skills: Multiple
- Expenses : Varies
Specify the skills needed to use and maintain the solution
To install : Some system administrative knowledge and access to install the application through the step-by-step install wizard with intuitive installation guidelines and database.
To use : General knowledge of risk management
To maintain : Some system administrative knowledge for database administration (i.e. database backups etc.) and to be able to upgrade application and database upon receiving new versions of software (3-5 per year).
Specify the kind of support the company provides for this product
Support : Online and telephone support.
Organization processes integration
Describe user roles this tool supports
Database Administrator : A MS SQL is supplied with RM Studio and must be connected
RM Studio Administrator : Access to all aspects of RM Studio
Creator : Can create new items of all types
Deleter : Can create new items of all types
Modifier : Modify all types and all existing items
Reader : List and view all item types but cannot modify them in any way
Super User : Can complete all actions with the exception of setting security levels/roles
User Defined : Users can create roles based on tasks within RM Studio
Integration in Organization activities
Interoperability with other tools
Specify available interfaces or other ways of integration with other tools
Export to : Word, Excel, PDF
Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides
Flexibility of tool's database
Can the database be customized and adapted to client requirements?