Newcomer III

Industry emphasis on Risk Management?

Recently I have heard of more and more inquiries as to how Risk Management is being handled and what is being used as far as tools go. This appears to be a current topic of renewed interest. What have others seen or heard?

4 Replies
Newcomer II

Re: Industry emphasis on Risk Management?

In my organization ($800M revenue), we have not been able to receive funding for a GRC tool. So I have used the Gartner/CEB spreadsheet template and constructed within SharePoint Risk Register and Security Risk Exception repositories and request and approval workflows. Not bad for a poor-person's solution. It has passed SOC2, Type II and ISO 27001 External Certification two years now, and HITRUST Certification as well.

Newcomer II

Re: Industry emphasis on Risk Management?

I'm in the same boat as you; we have not been able to receive funding for a GRC tool. Where could I get a copy of the Gartner/CEB spreadsheet template?

Newcomer II

Re: Industry emphasis on Risk Management?

My org has updated to RSA Archer 6.x. As a submitter, I find it pretty easy to use and our information protection team has customized intake questionnaires to expedite the assessment/review process. 

Reader I

Re: Industry emphasis on Risk Management?

I am relatively new to my organization, and it does not appear that we have a culture that is thinking about integrated risk management at this time. I appreciate the insight about the Gartner spreadsheet; perhaps I can use this as an introduction to the need for change towards an integrated risk management approach within the organization.