Automate where possible
Connected to ISMS
Automatically identify risks and link current controls
When you activate a task in Cyberday, we automatically document related risks on the risk register. This information helps your risk evaluation, as you understand what's already done to control the risk.
Evaluate risks and know where to invest
By evaluating risks you're pointing out best security investments. If risk level seems unacceptable, Cyberday ensures treatment is initiated. You can tune your own risk evaluation scale and add instructions to ensure everyone executes evaluation with same principles.
Create a treatment plan for unacceptable risks by linking new tasks
On risk treatment you decide the relevant treatment method. When decreasing risks, you get to pick from a large library of best practice controls derived from numerous security standards. Treatment plan is saved on the risk card.
See a summary from table view (i.e. risk register)
Work in Cyberday automatically creates many identified risks. Your job is pick relevant risks for evaluation and most urgent ones for treatment. When the treatment plan is carried out, the residual risk can be evaluated and the risk then closed.
Risk management procedure brings this all to one document
Risk management procedure explains how the risk management in the organization is executed. The procedure in Cyberday is dynamic, meaning that along with the text description the procedure includes a live summary of risk management results. Procedure can easily be shared via Teams for an auditor or company management.
Ensure consistent risk evaluation with common guidelines
Once you start creating own best practices for risk management, share them for the *automated unit 'Risk owners'* through Cyberday. It's important e.g. to remind risk owners about your risk scale definitions, how severe impact e.g. level 3/5 means.