For customers using RiskVision to build and deploy a risk and compliance management solution, there are two main components to be concerned with:
- Determining the controls and subcontrols that you want to enforce or monitor across your organization, for example to measure security risk across the various computers and other IT assets/entities in your organization. Using Enterprise Risk Management (ERM) or Key Risk Indicator (KRI) methods of risk analysis, you may approach building a risk and compliance management solution from another point of view, by determining the risks you want to evaluate and keep a close eye on across your organization, business units, and business and organization-wide processes and objectives.
  Using RiskVision, you can choose from standards-based risks and controls already provided in the Resolver content library. You can then add and combine controls to create a customized "Organization Content" collection of controls that are used in creating programs, performing entity assessments, and evaluating risk across your organization.
- The collection of your organization's combined entities or resources. Accessing groups of entities from RiskVision, you can apply or evaluate controls for selected entities included in an assessment, measure or monitor their compliance, and calculate associated risk. RiskVision allows you to capture information and inventory nearly any item of value within your organization (referred to as entities), from IT resources such as computers, systems, and applications, to non-IT resources such as property, business equipment, business operations, people, vendors, and processes. In addition, using methods such as ERM, you can model the processes, subprocesses, and business objectives that you want to evaluate for risk.