Do you use an ERM-system that also includes cyber security risk management? What tools or systems do you use?
We are using group wise https://www.gartner.com/reviews/market/it-vendor-risk-management-solutions/vendor/archer/product/archer?gxtm_source=peer-community&gxtm_page=detailview for ERM, IT and Security Risk
We are using Archer across the group.

PS. Someone please edit my comment above.
We use a GRC platform called Standard Fusion which has been a good mid-market solution for Enterprise Risk, IT Risk, etc. We are also evaluating Archer as a step-up.
We use ZenGRC, which has built-in frameworks for compliance checks (NIST etc.). The firm also updates proactively when framework or compliance (HIPAA/CJIS etc.) requires change. We use it to track audits (very versatile to assign audit criteria), maintain compliance evidence; vendor compliance processes and reviews; internal policy compliance (and standards compliance, remote access compliance, and a few other functions). It also has a risk scoring hierarchy which helps take the guesswork out of our vendor cyber evals. Our other organizational divisions also use it to track their compliance (internal audit etc.), but the platform was identified, implemented and primarily used by our security team.

We are using Riskonnect across the group for ERM, Internal Controls, Digital Security Risks & Compliance, TPRM, IA, Global Policy Mgt, Insurance