Risk Assessment and Compliance: Finding Out What You Don’t Know to Protect What You Do  

FISMA News


Information. Companies need it to stay competitive, and the loss of it can mean damage to reputation, loss of clients, legal penalties, and ultimately a potentially devastating loss of revenue. Organizations today are inundated with regulatory compliance mandates: HIPAA, SOX, BASEL II, and FISMA, to name just a few. While regulations are enacted to force companies to behave responsibly, the quagmire of requirements, guidelines, and best practices is leaving many companies buried under a mound of paperwork and the IT staff cowering behind a crowd of consultants.
Clearing the Clutter
As organizations struggle to figure out not only how to achieve compliance but how to maintain it as well, several companies are stepping forward to assist in organizing the potential chaos of a risk assessment project. VIOPOINT, headquartered in Auburn Hills, Michigan, helps organizations identify, assess, and manage the risks associated with information assets. VIOPOINT's specific focus areas include risk management, IT compliance, single sign-on, web application security, database security, threat management, and disaster recovery. Currently working with clients in the financial, health care, and other areas of the private sector, VIOPOINT uses a unique combination of technology and process knowledge to help its customers identify and manage the pain points associated with managing risk. However, it is not a run-of-the-mill service provider or consulting firm.
“Our company performs risk assessments but with a twist,” says Rob Cote, president of VIOPOINT. “When we’ve completed a project, the customer has the ability to manage future risk assessments themselves through the use of the tools we offer.”
Setting a Path
Earlier this year, VIOPOINT began looking for a software tool that would fulfill the requests it was hearing from its clients, such as the ability to track the progress of a risk assessment project and features for consolidating information in one location rather than trying to manage different types of assessment reports collected by many different consulting firms. After examining three other products, Cote and his staff at VIOPOINT chose to partner with Modulo and use its Risk Manager™ product to perform risk assessment and compliance projects for their customers.
“Most of the other solutions we considered were primarily data management systems,” says Cote. “We ultimately selected Modulo’s software because of its specific focus on managing the risks associated with information assets. Risk Manager also has the capability to assess critical compliance mandates such as HIPAA, PCI and SOX, but also best practice standards and frameworks from ISO and NIST.”
Risk Manager helps IT and security professionals automate and streamline the collection of data needed to conduct risk assessments and compliance projects. The software can be customized for various industries and allows auditors, consultants, or security administrators to easily distribute questionnaires online or via email and to inventory technology assets, such as workstations, servers and other equipment, as well as non-technology assets, such as people, processes and facilities within an organization. Risk Manager centralizes the information collected, eliminating the need for data silos. Information is then compared and measured against regulatory mandates, and steps and strategies are provided for maintaining compliance and reducing risk. Finally, automated reports can be generated at any point in the assessment process, providing a snapshot of an organization’s risk levels in real time.
“I’m familiar with the ‘old-school’ way of conducting risk assessments and compliance audits – ten consultants armed with spreadsheets,” says Cote. “Risk Manager cuts the time frame required for these projects from six or eight weeks to two or three.”
Selling the Solution
Cote and his colleagues at VIOPOINT have found that selling Risk Manager’s benefits to clients is as easy as using the software itself.
“The vast majority of clients we meet with are very impressed with the level of detail that Risk Manager supports and its ability to consolidate data into a single location,” asserts Cote. “They are reporting a 30% savings on the resources needed for upfront data collection and 80-90% time savings on reporting processes. Additionally, the benefit of being able to offer our clients a tool with customized data already loaded has been a huge advantage for us over more traditional firms utilizing the old method.”
VIOPOINT’s clients have been very enthusiastic regarding the deployment of Risk Manager for their companies’ risk assessment and compliance projects. Several have agreed to purchase the product and more are actively assessing the tool. VIOPOINT plans to continue working with Modulo to develop additional features and capabilities that customers have suggested.
“So far Modulo has exceeded our expectation and those of our clients,” Cote states. “They are customer-focused, flexible, and committed to the highest quality of service.”
For more information on Modulo and Modulo Risk Manager, visit www.modulo.com


Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.