[ tool name ]
Tool Identity Card
Basic information to identify the product. The information provided here contains the name of the product, the company or cross-frontier organization that provides the product and the country of origin in case the product originated from a company or national organization.
Tool name :
Vendor name :
Country of origin :
Level of reference of the tool
Details about the type of initiator of the product:
• World-wide (state oriented) • World-wide (sector oriented) • Regional • Local • Sustained by organization, club
Supported by organization, club,... (e.g. as sponsor) :
Brief description of the product
Give a brief description of the product containing general information, overview of functions.
Specifies the functionality this tool provides.
R.A. Method activities supported: Does the tool provide Risk assessment functionality? If yes, specify the activities included and how they are supported.
R.M. Method processes supported: Does the tool provide Risk Management functionality? If yes, specify the processes included and how they are supported.
Other functionality: Does the tool provide any further functionality not included in the previous? If yes, specify and describe it.
Information Processed: Specify what kind of results/output this tool generates in each phase.
R.A. Method phases supported
- Risk identification :
- Risk analysis :
- Risk evaluation :
R.M. Method phases supported
Risk assessment :
Risk treatment :
Risk communication :
Date of the first edition, date and number of actual version.
Date of first release :
Date and identification of the last version :
Official web site: hyperlink to the site of the originator/provider of the product, where to download the product or order it.
Related user group web site: hyperlink to the web site of the user group (if any) for the product.
Main relevant web site: web site that offers relevant and neutral information concerning the product.
Official web site :
user group web site :
Relevant web site :
List the available languages that the tool supports
Languages available :
Pricing and licensing models
Specify the price for the product (as provided by the company on December 2005).
Free: the solution is free (“freeware”).
Not free: specify the price for the different licensing models.
Maintenance fee: the yearly fee for maintenance.
Sectors with free availability or discounted price: if the tool is not free, specify kind of organizations that it may be provided as free or have a price discount.
Sectors with free availability or discounted price :
Trial before purchase
Details regarding the evaluation period of the tool (if it does exist).
CD or download available :
Identification required :
Trial period :
Specify the technologies used in this tool as well as how it is deployed (stand alone application, web application, database used…)
Web server :
Application server :
Defines the most appropriate type of organizations the product aims at:
Governments, agencies: the product is developed for organizations working for a state (e.g. the NSA in USA).
Large companies: the product is useful for companies with more than 250 employees. •
SME: the product is useful for small and medium size companies that cannot afford dedicated Risk Management personnel or complete segregation of duties.
Commercial companies: the product is targeted to companies that have to implement it due to commercial demands from stakeholders, financial regulators, etc.
Non-profit: companies where commercial benefits are not essential like the NGO’s health sector, public services, etc.
Specific sector: the product is dedicated to a very specific sector (e.g. nuclear) and usually cannot be used in other sectors.
Specific sector :
General information about the spread of the product including:
Used in European countries: list of EU member states in which implementation is known by working group members. This includes organization as: • European institutions (e.g. European Commission, European Union Council, European agencies). • International organizations situated in Europe (e.g. NATO, UNO, OECD, UNESCO).
Used in non-European countries: used within potential new member states of the European Union or outside the EU in other countries such as Switzerland or USA.
General information :
Used inside EU countries :
Used outside EU countries :
Level of detail
The targeted kind of users is:
Management level: generic guidelines.
Operational level: guidelines for implementation planning, with a low level of detail.
Technical level: specific guidelines, concerning technical, organisational, physical and human aspects of IT Security with a high level of detail.
Compliance to IT Standards
List the national or international standard this tool is compliant with.
Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard.
Information about possible training courses for this tool
The level of skills needed to implement and maintain the product (method or standard):
Basic level: common sense and experience.
Standard level: some days or weeks of training are sufficient.
Specialist level: thorough knowledge and experience is required.
To install: the skills needed to install the necessary products.
To use: the specific qualifications needed in order to perform current work (documentation easy to understand, user-friendly interface, etc).
To maintain: is the product stable or are there regular updates that require specific education or regular training. (on a technical side: is it necessary to hire a specialist to perform the actions?)
To install :
To use :
To maintain :
Specify the kind of support the company provides for this product
Support (telephone, email) :
Organization processes integration
Tool foresees different roles of users: Specify and explain if the tool supports roles of users.
Tool delivers results that can be used by other processes/activities: Is it able for someone to use the results of this tool in another organization’s activity?
Intergration in Organization activities
Interoperability with other tools
Specify available interfaces or other ways of integration with other tools
Sector adapted knowledge databases supported
Specify whether the tool provides a knowledge database specific for a sector
Flexibility of tool's database
Specify whether it is possible to customize the tool’s knowledge database to client requirements.