www.surecloud.com
© 2016 SureCloud Limited.
All rights reserved.
Risk Manager for IRAM2
Thursday 17th November 2016
Presented by:
Nick Rafferty, Chief Operating Officer
Oliver Vistisen, Head of Products
Agenda
• Introduction to SureCloud
• What is IRAM2?
• IRAM2 on the SureCloud Platform
• Demonstration
• Further Opportunities
• Questions & Answers
How SureCloud maximised its involvement with the ISF’s
IRAM2 programme and how you can do the same.
Introduction to SureCloud
What is the SureCloud Platform?
[Diagram: SureCloud Platform building blocks. Labels include:
• Workflows: Create & Notify, Assess, Review, Sign-off
• Groups: Global, Region, City 1, City 2, City 3
• Registers: example register "Suppliers" (Date: May16, Unit: EMEA) listing Supplier 1 to Supplier 5
• Assessments: 3rd Party Risk, Risk Assessment, Compliance Gap Anal., Audit, CSR, Incident Response, BIA
• Reports, Dashboards & Charts
• API: Excel, Power BI]
SureCloud GRC Applications
What is IRAM2?
IRAM2 Assessment Tool
IRAM2 on the SureCloud Platform
What has SureCloud done?
• Multiple staff members attended ISF practitioner training
• Worked with key ISF community members to ensure we can support wider practitioner
requirements
• Conducted multiple in-house risk assessments to understand the methodology in detail
• Proactively suggested ways to streamline the process through technology
What does the SureCloud Platform provide?
• Re-use of common stages through centralisation of content
• Workflow to automate aspects of the process
• Notifications and offline assessments
• Multi-assessment management and status tracking
• Aggregation across assessments and business focused reporting
• Links to other GRC applications such as Compliance Manager for BAU activities
IRAM2 Assessment Tool
What is SureCloud delivering?
Demonstration
Further Opportunities
IRAM2: Triage Approach
• A full IRAM2 assessment may not be necessary for all levels of criticality
• Each organisation's BIA can drive informed decision-making:
Major or Critical BI Rating – undertake the full IRAM2 methodology
Medium BI Rating – apply Prioritised Controls
Minor BI Rating – No need to proceed
• Predefined Threat & Threat Events assessments and Control Effectiveness assessments
• The ISF is currently working to define what a triage approach might look like
Tying it all together
[Diagram: the SureCloud GRC applications: Compliance Manager, Risk Manager, Incident Manager, Business Continuity Manager, Policy Manager, Audit Manager and Assessment Manager. Other labels include Reference Lists, Risk Library, Control Library, ISO, COSO, PCI, OHSAS, Policies, Standards, Requirements, Operational Controls, Processes, Objectives, Metrics, Risk Appetite & Tolerance, Risk Assessments, Business Impact Assessments, Assets, Systems & Components, Products & Services, Department, Champions, Owners, Categories, Incidents, Affected Assets, Failed Controls, Loss Estimation, Action Plan, Actions List, Audits, Audit Universe, Audit Plan, Tests, Findings, Emergency Response & DR Plans, Training, Third Party Register, Key Contacts and Relationship Owner.]
Questions & Answers
About SureCloud
• SureCloud is a provider of GRC Applications and Cybersecurity Services. Our Cloud Platform has
helped 100s of blue chip businesses and 1,000s of users to improve productivity and efficiency by
replacing and automating spreadsheet based risk and compliance processes
• In addition, our cybersecurity testing and assurance services team help organisations secure their
information assets, systems and networks as well as providing a holistic view of cyber risk using the
SureCloud Platform.
