Infogov
The leader in Web-based Governance, Risk, Compliance and Fraud Management

Major Incident, analysis and opinion

10th March 2008

Major incidents may be described as "those for which the degree of impact is extreme" and "for which the timescale of disruption — to even a relatively small percentage of users becomes excessive..."

With ever increasing competitive and economic pressures, organisations are less likely to conduct effective, detailed analysis of contributing causes of major incidents without strong executive sponsorship and dedicated process ownership.

Due to the cross-organisational nature of the major incident review process, and the required commitment of time and resources, successful implementation of a major incident evaluation process must start with Board-level sponsorship – augmented by appropriate evidencing technology.

That technology exists today and, in Infogov's Proteus Enterprise™, the following capability is provided:

  • Collation of evidence and statements
  • Full history log from opening of incident to close
  • Full security to protect sensitive data
  • Uploading of evidence/documents
  • Cross-referencing incidents to failed controls, and affected assets
  • Publishing of incident web portal pages to gather related data across the organisation, with data linked to Proteus
  • Automated text and E-mail alerts by predefined incident categories

Proteus Enterprise™, developed by InfoGov and recognised by Gartner, provides the solution through converging Corporate Governance, Compliance, Risk and Fraud Management into one web-based tool.

But how do you adopt convergence of corporate governance and compliance with multiple standards, risk and fraud management in one solution? Our unique approach brings together and links controls, compliance, business impact, risk analysis, documentation and incident management into one total solution. Proteus RiskView™ provides a powerful business intelligence 'dashboard' and reporting capability allowing real time visibility of risks at Board level via the web.

GRC Software selection, features & benefits

7th March 2008

Regulations, market pressures and increasing stakeholder demands have placed governance, risk and compliance, as well as fraud prevention and detection, at the forefront of enterprise development.

In this complex and difficult-to-navigate space, GRC&F software selection and the commensurate features and benefits analysis is all too often time-consuming, and potentially damaging and expensive to a company that gets it wrong.

The Proteus Enterprise™ GRC&F software application offers the following features and benefits, and more:

  • Can be supplied with ISO 27002/1, PCI DSS, CoBiT, BS25999, SOX etc. In fact, it can support any form of questionnaire that is based around a structure of sections, controls and questions, e.g. public standards, industry standards, regulation or corporate-specific questionnaires.
  • Risk assessments can be reviewed and authorised outside of Proteus™ using encrypted emails and PDFs.
  • Comprehensive ‘Risk Matrix’ plotting Risk vs. Business Impact.
  • Action plans or work packages can be evaluated to calculate a Return On Security Investment (ROSI) and maintain feedback for corrective actions.
  • RiskView management information (charts, graphs, reports etc.) can be customised and published to your Intranet for viewing independently of Proteus™.
  • Risk assessments can be performed quickly and easily using a graphical five-stage process.
  • All changes are logged and available for audit.
  • An asset's importance is evaluated by its CIA assessment, its value & contribution to the process(es) it supports.
  • Threat & countermeasure template lists are available relating to BSI and ISF publications.
  • Threats and countermeasures can be applied to generic asset types.
  • Threats & countermeasures can be inherited from the asset's location e.g. data centre.
  • Threats are inherited from related assets, e.g. a CRM database (information asset) will inherit threats from the Server (physical asset) it runs on.
  • Using Proteus RiskView™ you can graphically picture risk exposure.

Recognised by Gartner, Proteus Enterprise™ provides the solution through converging Corporate Governance, Compliance, Risk and Fraud Management into one web-based tool.


GRC technology cross-references regulation and standards

4th March 2008

With the ever-increasing emergence of new standards and regulation, it is becoming common knowledge that organisations now need – and with some urgency – a holistic governance, risk, compliance and fraud management utility.

For unified capability in this space, professionals and managers need to know – at a stroke – how to ensure compliance with multiple clauses from numerous standards. A tool is therefore required that templates to these standards, cross-references elements of them and applies them to stakeholders as controls for action, as appropriate.

Let's take together, for example, ISO 27001 – the information security standard, BS EN ISO 14971:2001 – the risk management standard, and ISO 9001 – the quality assurance standard. Certain professionals and managers in organisations having to comply with all of these – and sometimes more – will need to know routinely what they have to do for success, with minimal bureaucracy. So cross-referencing of related clauses, augmented by technology, will save time, effort and angst.

This cross-referencing capability is pivotal for unified governance, risk, compliance and fraud management strategies. Proteus Enterprise™, developed by the UK company InfoGov Ltd and recognised by Gartner, provides the solution through converging Corporate Governance, Compliance, Risk and Fraud Management into one web-based tool.

But how do you adopt convergence of corporate governance and compliance with multiple standards, risk and fraud management in one solution? InfoGov's unique approach brings together and links controls, compliance, business impact, risk analysis, documentation and incident management into one total solution. Proteus RiskView™ provides a powerful business intelligence 'dashboard' and reporting capability allowing real time visibility of risks at Board level via the web.

InfoGov to provide technology for new standard on fraud

29th February 2008

The governance, risk and compliance industry was quick to appreciate that the new standard on fraud prevention and detection currently undergoing the final stages of development by the British Standards Institute, as PAS 8000, would require underpinning technology such as InfoGov's Proteus Enterprise™ application.

Eighteen bodies, including government departments, fraud interest groups and firms, met in Bracknell, UK on 22nd January to take the standard on to final release, predicted to be August this year.

The need for the standard was driven by recognition that law enforcement agencies required more from industry to tackle this problem.

The standard mandates enterprises to enhance their fraud prevention and detection efforts. Expanding necessarily on ISO 9001:2000 in various specialist respects, the Standard introduces additional requirements to address a complete approach to fraud prevention and detection.

Certification mandates organisations' leaders to account and take responsibility for privileges, and to establish a total fraud management Executive Committee. The Executive Committee is mandated to deliver a supporting infrastructure and resources to focus on fraud by the application of management, tools, techniques, human behaviour and technology as defined in the Standard. InfoGov's Proteus Enterprise fulfils the supporting infrastructural elements.

The objective is to achieve substantial improvements in quality in terms of fraud prevention and detection throughout the organisation value stream and supply chain. It applies to all areas of fraud, theft, and financial crime perpetrated by, against, or through the organisation.