Overview
HOPEX IT Risk Managementis used to manage risks, compliance and IT vendors. You can capitalize on HOPEX Architecture or HOPEX IT Portfolio Management legacy inventories or enter them directly in the solution.
Business
Managing IT Risks
HOPEX IT Risk Management is used to:
• identify threats and vulnerabilities based on appropriate frameworks or information sources (for example: ISO 27005, CVE).
• produce reports concerning vulnerabilities and identify the risks that threaten IT assets.
• assess the risk level of IT assets, with an expert view or via questionnaires sent to application owners.
• identify the risk scenarios and the cause-and-effect links between risks.
Managing IT Compliance
IT departments must comply with a number of regulatory requirements and consequently deploy different types of controls on the IT assets.
HOPEX IT Risk Management is used to:
• identify the appropriate IT regulation frameworks (ISO 27002, NIST), the resulting requirements as well as the control types to implement.
• assess the control level (control design and efficiency) with an expert view or via questionnaires sent to application owners.
• produce reports illustrating the regulatory compliance level achieved.
Managing IT vendors
HOPEX IT Risk Management is used to:
• enter vendor commercial data
• launch assessment campaigns with a view to assessing the relationship with these vendors
• assess the global risk level represented by the vendor