BPM Information security
Only BPM Information security is comprehensive enough to automate asset inventory, information classification and risk analysis processes, to let you plan activities in the areas of risk management, audit and incident management, and to enable full integration of the following areas:
- information security in accordance with ISO 27001, ISO 27005,
- business continuity in accordance with ISO 22301,
- personal data protection (RODO / GDPR),
- operational risk management (ERM),
- training management,
- management of requirements and internal order,
- audit and compliance management,
creating a useful, complete and efficient GRC – Governance, Risk, Compliance platform.
The system allows you to create an asset base composed of any resources:
- IT systems
- software / license
- premises and facilities
Each asset has its own passport / record, which specifies its main features and its connection with the data it processes. The system allows you to enter activities planned for the asset (activity calendar), and the entire history related to the asset is recorded on its card.
The system automates a specific inventory of the organization's data, its grouping and the determination of its security parameters.
The owner of the information, describing the information group, indicates the level
- and other information security parameters, e.g. authenticity.
Information is related to the systems in which it is processed and other assets that constitute its carrier or place of processing.
After user input, the ISMS coordinator can merge, aggregate and report on the classification of information.
For each asset (information processing site), its business owner is assigned a risk assessment task. Asset owners evaluate the likelihood of events by describing the vulnerabilities of the asset. The system calculates the risk of losing security parameters and guides the user through planning risk mitigation activities and monitoring the risk.
Based on the proposed activities related to risk management, authorized users aggregate the action plan and assign persons responsible for their implementation. The system monitors the performance of activities and enables the assessment of effectiveness.
Implementing risk management in the organization across the strategic, operational, security and personal data protection areas makes it possible to fully integrate the process, from risk identification, assessment and analysis to planning and implementation of the risk management plan.
The system automates incident management from the moment of reporting, through identification of causes, assessment of effects, securing assets and evidence, to planning and implementation of actions related to the removal of effects and elimination of the causes of the incident.
The system monitors users and the timeliness of the tasks undertaken, and allows an incident to be assigned to information, a resource, an area and a risk, which enables effective analysis of the security status and of the effectiveness of security measures.
BPM Information security is a complete system: with the use of additional platform modules, all activities related to information security management are automated by the system.
BPM ensures effective document management based on a document library.
You will build awareness through training and testing.
The development of the declaration of use document becomes trivial thanks to the conformity assessment functionality.
You will plan and carry out audits and report their results, inconsistencies, observations and recommendations with the use of internal audit support mechanisms.
Measuring the effectiveness of security is possible within the BPM objectives and indicators module.