Risk Management

Risk Management Doesn't Have To Be Hard

ComplianceForge currently offers two (2) products that are specifically designed to assist companies with cybersecurity risk management:

The Risk Management Program (RMP) is program-level documentation that is an essential need for any organization to demonstrate HOW risk is actually managed within an organization. Most companies run into issues during audits when the actual practices for risk management are looked at. The RMP is meant to advance your organization to a mature level of risk management and have the documentation to prove it! 

The Cybersecurity Risk Assessment Template (CRAT) supports the Risk Management Program (RMP), but it is a stand-alone product that consists of Microsoft Word and Excel templates that enable any organization to conduct repeatable and quality risk assessments. If you can use Microsoft Office products, then you can follow the guidance in the CRAT to create your own quality risk assessments. The Cybersecurity Risk Assessment Template (CRAT) addresses natural, man-made and cybersecurity risks to provide a robust risk assessment template. The cybersecurity controls used in the template are from NIST 800-171, which is based on leading NIST 800-53 and ISO 27002 controls.

From surveying cybersecurity professionals, we created the following chart to provide a comparison of options for companies needing security program documentation:

Risk Management Program (RMP) Cost Savings Estimate

From surveying cybersecurity professionals, we created the following chart to provide a comparison of options for companies needing a documented cybersecurity risk management program. As you can see, when you factor in internal staff time to perform reviews and refinements with key stakeholders, purchasing a RMP from ComplianceForge is approximately 10% ($13,500+ savings) of the cost as compared to writing your own documentation and 4% ($36,00+ savings) of the cost as compared to hiring a consultant to write it for you!

2017-pricing-cybersecurity-risk-management-plan-program-example.jpg

Cybersecurity Risk Assessment Template (CRAT) Cost Savings Estimate

Similar to the RMP example above, when you factor in internal staff time to perform reviews and refinements with key stakeholders, purchasing a CRAT from ComplianceForge is approximately 29% ($2,500+ savings) of the cost as compared to writing your own documentation and 18% ($4,500+ savings) of the cost as compared to hiring a consultant to write it for you!

2017-pricing-cybersecurity-risk-assessment-template-example.jpg

Can You Honestly Answer HOW Risk Is Implemented At Your Organization?

When you "peel back the onion" and prepare for an audit, there is a need to address "the how" for certain topics, such as risk management. While policies and standards are designed to describe WHY something is required and WHAT needs to be done, many companies fail to create documentation to address HOW the policies and standards are actually implemented. We did the heavy lifting and created several program-level documents to address this need and the Risk Management Program (RMP) is one of those products.

2017-cybersecurity-audit-preparation-risk-management-program-risk-assessment-template.jpg

Sort by:

Sign up for our Newsletter!

×
×