cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Daniel-Nash1
Newcomer III

Industry emphasis on Risk Management?

Recently I have heard of more and more inquiries as to how Risk Management is being handled and what is being used as far as tools.  This appears to be a current topic of renewed interest.  What have others seen or heard?

4 Replies
Krisboike
Newcomer II

In my organization, ($800M revenue), we have not been able to receive funding for a GRC tool.  So I have used the Gartner/CEB spreadsheet template, constructed within SharePoint a Risk Register and a Security Risk Exception repositories and request and approval workflows.  Not bad for a poor-person's solution.  It has passed SOC2, Type II and ISO 27001 External Certification two years now, and Hitrust Certification as well. 

Damyen
Newcomer II

I'm in the same boat as you, we have not been able to receive funding for a GRC tool. Where could I get a copy of the Gartner/CEB spreadsheet template?

danyo
Newcomer II

My org has updated to RSA Archer 6.x. As a submitter, I find it pretty easy to use and our information protection team has customized intake questionnaires to expedite the assessment/review process. 

Jazyrn
Reader I

I am relatively new to my organization, it does not appear the we have a culture that is thinking integrated risk management at this time. I appreciate the insight about the Gartner spreadsheet, perhaps I can use this as an introduction to the need for change towards an integrated risk management approach within the organization.