Implementing
risk management across your organization
Consolidate your entire risk management process into a single, unified platform aligned with a Risk-Based Approach. Ready to begin?
- Step 1: Choose the product that fits your needs.
- Step 2: Leverage expert consultancy or follow our structured implementation roadmap.
Implement RIG DORA & NIS2 in your organization
Regardless of which product you choose, you can implement the RED INTO GREEN system on your own or use our implementation service.
If you choose to implement the system yourself, you’ll receive support in the form of regular training sessions, user guides, and meetings with a support specialist who will address any questions you may have and provide instructions on how to use the tool.
If you choose the RIG system implementation service, a consultant will guide you through the implementation project and, at the end, train your team on how to use the RIG system.
Preparing your organization for a DORA or NIS2 compliance audit using the RIG tool takes 3 to 6 months. It depends mainly on the availability of information within the organization, rather than on the method of tool implementation.
Expert-led industry implementation
The implementation with a consultant is led by someone with experience in risk management who has previously worked with clients in the financial sector. Once you gain access to the system—just as with a self-guided implementation—you’ll receive instructions for the tool and can access recordings of the entire training series on RIG and risk management.
You are not required to spend time working with the consultant. Instead, you will be asked to provide information about supporting assets, processes, and security measures necessary to begin working in the application. The consultant will perform most of the steps for you and then train your team.
Project kick-off
The consultant works with the team to establish a schedule of activities, the scope of responsibilities and permissions within the RIG application, and the method for sharing information.
Logging into the application
The team is granted access to the application, and the consultant assigns permissions to users.
Registry of Processes
The consultant gathers information about the processes in your organization. They complete the prepared process register.
Mapping
The consultant combines the information provided regarding threats, supporting assets, and their vulnerabilities, and safeguards. They then combine information about processes, products, and services.
Risk assessment
The consultant automatically assesses risks and presents various scenarios.
Risk management planning
Based on the estimated results, the consultant creates reports and risk management plans.
Implementation of risk management plans
The consultant presents the risk management plans and, after consultation with the team, assigns tasks derived from them.
Surveying suppliers
The consultant sends out surveys to suppliers via the system.
Updating contracts with suppliers
The consultant sends out annexes to contracts with suppliers.
Maintaining records
The consultant builds a document repository and maintains relevant records of contracts with suppliers.
Next, they prepare an incident assessment record. They assess incidents and draft a report on serious incidents for submission to the supervisory authority.
Reporting
The consultant proposes a work plan for a specified period (annual or semi-annual) and prepares a sample report to be presented to the management board.
Team Training
The consultant conducts training on using the system for risk assessment (estimation, analysis, planning) and on application administration (navigating the repository and registers, system updates, permissions).
Self-guided subscription implementation
Self-implementation is managed by a designated member of your organization, who receives dedicated technical support throughout the duration of the software subscription. Upon gaining system access, this individual receives comprehensive onboarding instructions, two hours of initial consultation with a support specialist, and full access to our complete risk management training library.
As part of your subscription, you can participate in newly developed training sessions while maintaining access to all archived sessions. Our training program guides you through the entire risk management lifecycle—from defining your organization within the system to conducting assessments and ongoing management.
Logging into the application
Gain access to the application and assign permissions to authorized users.
Application Training
Receive seven hours of expert consultation and begin a series of recorded training sessions on the RIG tool.
Registry of processes
Collect information regarding organizational processes and complete the standardized process registry.
Mapping
Link threats, supporting assets, vulnerabilities, and safeguards. Integrate these data points with information on processes, products, and services.
Risk assessment
Execute automated risk assessments within the platform.
Risk management planning
Generate comprehensive risk management reports and strategic action plans.
Action plan implementation
Assign specific tasks arising from risk management plans to the relevant team members.
Supplier surveys
Distribute surveys to suppliers directly through the system.
Updating supplier contracts
Issue amendments to supplier contracts.
Maintaining records
Build a centralized document repository and maintain detailed records of supplier contracts. Manage the incident assessment log, evaluate events, and prepare serious incident reports for the supervisory authority.
Reporting
Develop a work plan for the defined period (annual or semi-annual), prepare final reports, and present findings to the management board.
RED INTO GREEN products
Compliance roadmaps for DORA and NIS2
Product
RIG DORA
Learn how to maintain compliance with DORA. The process involves risk analysis, an incident register, and a register of ICT supplier information.
Product
RIG NIS
Learn how to implement NIS2 compliance. The process involves risk analysis, an incident register, and a registry of supply chain vendor information.
Regulatory compliance based on the RED INTO GREEN methodology
The risk assessment methodology, representing the Asset-Based Approach (the approach recommended by the EU) forms the foundation of the RIG risk analysis system.