Modulo Risk Manager helps organizations streamline and automate processes required for in-depth IT risk assessment and compliance projects by collecting and centralizing data related to both technology assets (i.e. software and equipment) and non-technology assets (i.e. people, processes and facilities) in an organization to assess risk and ensure compliance.
Modulo Risk Manager calculates risk scores easily, as it holds knowledge of IT assets, best practices for the various standards, and workable default risk component values for every targeted asset and control. This same knowledge base simplifies individual interview processes with prepared questionnaires.
Time is saved by encapsulating these interviews with a viewer that can be emailed to individuals being surveyed or answered online. After completion, answers are mapped to best-practice controls for any standard and automatically saved in the secure repository.
The software also produces multiple compliance reports using stored data, thereby reducing or eliminating “audit silos”. It is user-friendly and can run on a laptop or server.
Modulo Risk Manager includes a large library of controls and policies grouped into specific policy knowledge bases that can hold more than 11,000 policies, and controls organized into 195 policy knowledge bases having over 4,000 automated evidence collectors.
These knowledge bases are kept up to date by our own research lab, using internationally recognized sources such as NIST, DISA, NSA, CIS, and specific vendors. In addition Modulo Risk Manager allows clients to create their own policy knowledge bases.
How Modulo Risk Manager can help your organization with risk assessment:
- Reduces the effort required for risk assessment by up to 50% compared to traditional methods
- Creates a metrics- and index-based security scorecard
- Provides a centralized repository for all organizational assets (software, hardware, environment, people and process)
- Collects and centralizes data relating to technology assets, (software and equipment) and non-technology assets (people, processes and environment)
- Ensures that your organization remains up to date with the latest market practices, with continuous updates of the knowledge bases
- Generates risk indicators for corporate governance
- Provides detailed recommendations to support control implementation.
- Provides a geo-referenced risks overview (can be viewed in Google Earth)
- Provides risk assessment that assists you in measuring your organization's current level of compliance with SOX, PCI, ISO 27001, HIPAA, COBIT, FISAP, FISMA, NIST 800-53a, BS 2599, A-130, and DOD 8500.2
- Tracks risks evolution
- Generating executive reports that enable you to monitor the evolution of control implementation
