As policies and procedures change, configuring the GRC technology risk applications to automatically follow the new policy.
Information technology (IT) security operations management
Enhancing the organization’s planned response to cybersecurity-related crises by linking the crisis management plans found within the business continuity module to the security organization’s incident response actions.
Linking the resiliency compliance requirements often found in regulated industry sectors with business continuity program efforts where compliance evidence naturally occurs (e.g., artifacts and results of business continuity tests and exercises).
Threat management/risk assessment
Helping detail and visualize the potential risk and impact, balanced against the organization’s capabilities for responding to changes in the enterprise’s risk exposure and risk appetite.
Enhancing transparency into a vendor’s resiliency by linking to the key vendors found within the business continuity plans and the impact an impaired vendor might cause on the organization. As new key vendors are identified, ensuring the right focus is maintained on the need for their resiliency, service-level-agreement development, on-boarding and monitoring.
Capturing and facilitating the analysis of important incident-related artifacts about company assets and resources. This can include impact identification and quantification for the assets involved, as well as other attributes necessary for financial, regulatory, contractual and reputational post-incident analysis and follow-up.