Systematic risk management in accordance with EU regulations

Risk management in one place. The system guides you step by step to give you a full assessment of threats to all company assets.

The analysis will no longer be scattered across different people and departments. You gain a comprehensive, multidimensional picture of risk.

RED INTO GREEN functionalities

Explore information about your organization’s cybersecurity in one tool with dozens of functionalities. Here is a list of key functionalities for implementing DORA, NIS2 or GDPR.

Supplier surveys and assessments

A complete collection of risk data in one place. All your suppliers with the appropriate surveys for DORA or NIS2 in one archive. Register of suppliers in the supply chain and ICT suppliers.

Document Repository

Store and record policies, procedures, templates, and any other company documents related to company security.

Use document templates.

Incident Assessment

Register, categorize and classify ICT incidents, and notify controlling entities about them.

Find out the exact impact of an incident on assets in your organization. This will allow you to easily verify procedures and justify the budget for the necessary security measures.

Automatic risk assessment

Assess risk automatically, in all dimensions. Examine risk conveniently by process, vulnerability, product and other useful cross-sections.

Analytics and Reports

Use built-in summaries or build your own, and export the results. Generate reports for management, control bodies, clients or internal audits.

Project management workflow

Communicate with everyone involved in the compliance process (IT, compliance, legal, purchasing, suppliers), regardless of whether they have an account in the RIG system. This gives you, in one place, a view of how the tasks that determine accountability are being carried out.

Risk treatment plans

Define plans. Check their impact on the level of risk in the organization, and then implement them. Demonstrate due diligence to control bodies by presenting them with plans.

Linkage maps

Discover the links between supporting assets, vulnerabilities, processes, threats, security, products and services – all elements that affect the level of risk in the organization. Manage links by selecting their different configurations.

RED INTO GREEN application implementation

Regardless of which application module you choose, you can implement the RED INTO GREEN system yourself or use the implementation service.

If you implement it yourself, you will receive support in the form of regular training, materials on how to use it, as well as meetings with a mentor who will clarify doubts and instructions for the tool. If you choose the RIG system implementation service, a consultant will guide you through the implementation project and finally train your team in the use of the RIG system.

Preparing an organization for a DORA or NIS2 compliance audit with the RIG tool takes from 3 to 6 months and depends mainly on the availability of information in the organization, not on the method of implementing the tool.

Stand-alone implementation

Independent implementation is carried out by a selected person in your organization, who receives substantive support during the software subscription. Upon gaining access to the system, this person receives instructions for the tool, signs up for the first 2 hours of consultation with a supervisor and uses the recordings of the entire series of risk management training courses at RED INTO GREEN.

As part of the subscription, you can use your 2 hours of consultation each month. You can also participate in newly created trainings and use the trainings that have already been completed in parallel. The trainings guide you through risk management from the description of the organization in the system, through risk assessment, to risk management.

Application login

You gain access to the application and assign user privileges.

Application training

You take advantage of the first 2-hour consultation. You start a series of recorded trainings using the RIG tool.

Process register

You collect information about processes in your organization.
You complete the prepared process register.

Mapping

You combine information about: threats, supporting assets and their vulnerabilities and their security. Then you combine information about processes and products and services.

Risk assessment

You automatically estimate the risk.

Risk treatment planning

You create reports and risk treatment plans.

Implementation of treatment plans

You assign tasks resulting from risk treatment plans to team members.

Supplier surveys

You send out supplier surveys from the system.

Completing supplier contracts

You send annexes to supplier contracts.

Record keeping

You build a repository of documents and appropriate registers of contracts with suppliers.

You build an incident assessment register, assess incidents and prepare a report on serious incidents to the supervisory authority.

Reporting

You prepare a work plan for a given period (annual, semi-annual), build a report and present it to the board.

Implementation with a consultant

In this case, the implementation is supported by a consultant who has experience in risk management and has already worked with clients from the financial industry. When you receive access to the system (similarly to the case of stand-alone implementation), you receive instructions for the tool and can use recordings of the entire training cycle on RIG and risk management.

You are not affected by the hours of work with the consultant. However, you will be asked to provide information about supporting assets, processes and security in your organization, which are necessary to start working in the application. The consultant will complete most of the steps for you and then train your team.

Project kick-off

The consultant establishes a schedule of activities, scope of responsibilities and authorizations within the RIG application, as well as how information will be communicated.

Logging into the application

The team receives access to the application, and the consultant assigns authorizations to users.

Process register

The consultant collects information about processes in your organization.
The consultant completes the prepared process register.

Mapping

The consultant combines the information provided about: threats, supporting assets and their vulnerabilities, and their security. Then, he combines information about processes and products and services.

Risk assessment

The consultant automatically estimates the risk in the system and presents various variants.

Risk management planning

Based on the estimated results, the consultant creates reports and risk management plans.

Implementation of management plans

The consultant presents risk management plans and, after consultation with the team, assigns tasks resulting from the risk management plans.

Supplier surveys

The consultant sends out surveys to suppliers from the system.

Completing supplier agreements

The consultant sends annexes to supplier agreements.

Maintaining records

The consultant builds a document repository and appropriate supplier contract records.

The consultant then prepares an incident assessment register. He assesses incidents and creates a request for serious incidents to the supervisory body.

Reporting

The consultant proposes a work plan for a set period (annual, semi-annual) and builds a sample report that can be presented to the management board.

Team training

The consultant conducts training that covers system operation in the scope of risk assessment (estimation, analysis, planning) as well as application administration (navigating the repository, registers, system updates, permissions).

If you want to learn more about the product, the subscription details, price or access, or have other questions, register!