Risk Management Process: Security Analysis Methodology in SecureWatch

What is ISO 31000?

ISO 31000 is a security analysis methodology, or risk management process, that is used in various risk programs across a range of different industries. It helps standardize the steps you take to evaluate and manage risk, leaving you with a formal and standardized workflow.

Why do we use it?

In our 25 years of experience, we’ve learned that methodology needs to be flexible enough to handle different business functions. RiskWatch developed SecureWatch, our exclusive risk assessment software, to help our clients assess and manage their risk using the ISO guidelines they are familiar with. Keep reading to understand how we use ISO 31000 in SecureWatch and how our methodology stands out from our competition.

What are the benefits of ISO 31000?

ISO 31000 provides a structure, or framework, which allows your business to assess and manage risks. It gives companies steps to follow so they anticipate most problems and identify measures to mitigate their impact. When properly implemented, the risk management process can help an organization:

  • Identify threats and opportunities

  • Minimize losses

  • Improve operational efficiency and effectiveness

  • Encourage personnel to identify and treat risks

  • Improve risk management controls

And much more.

How does it work?

The ISO 31000 risk management process can be used by any organization, regardless of size, activity, or sector. The process can be done correctly if the organization follows the guidelines and sticks to the principles. The methodology provides a framework for managing risk, but is customizable:

Infographic of ISO 31000:2009 risk management process overview

What is our approach?

At RiskWatch, our risk management process is the same, but uses different terminology that is focused more on overall security. In SecureWatch, we use a 5-step process:

Infographic of SecureWatch risk management process

Where our competitors are rigid and demanding, our approach to risk management is sweet and simple. We provide a broad platform that allows companies to monitor and assess risks of any kind. Within the platform, SecureWatch offers modules, which enable the user to specify the type of risks they would like to monitor. SecureWatch makes it easy for users to assess, monitor and minimize risks from anywhere in the world.

Where does SecureWatch get its data from?

SecureWatch gathers data for the risk management process in numerous ways.

  1. Surveys, which solicit data from key site personnel about the current state of security. The combination of survey roles and site contacts ensures that the correct questions are sent to the appropriate person and site each time so that the information in surveys is always accurate.

  2. Assessments, which can be used to input details on the extent of physical security at a facility.

  3. Third-party partners, Cap Index and Security Gauge, which provide data on criminal trends in an area and help determine the likelihood of an incident occurring at a location.

What are the results?

With the combination of ISO 31000 and the SecureWatch software, RiskWatch has helped alleviate risks and threats for state governments nationally, in all 50 states, and internationally, in Belgium, Canada, Dubai, England, Italy, Malta, Sweden, Saudi Arabia, Turkey, Romania, South Africa, Japan, Thailand and Switzerland. The SecureWatch software and the ISO 31000 analysis methodology work together to make the risk management process simple to perform, easy to analyze and quick to compare.
