Governance, Risk & Compliance (GRC)
GRC is a discipline that aims to synchronize information and activity across governance, risk management and compliance in order to operate more efficiently, enable effective information sharing, more effectively report activities and avoid wasteful overlaps.
Let’s keep this simple: Take whatever GRC use case you want, we don’t dictate what you can and can’t do. Start with our baseline configurations to get your solution up and running fast. Use drag-and-drop, self-serve tools that let users enhance these configurations to best meet their requirements.
- Audit Management
- Policy Management
- Business Continuity
- Regulatory Change
- Enterprise Risk Management
- Exception Management
- Incident management
- Vendor Risk Management
Built for Change
Most GRC platforms are outdated before they’re fully implemented. That’s because vendors usually ask for all requirements upfront and hardwire dependencies during the initial design. Not Rsam. Our platform can adapt to any change you throw its way. Your modules all draw from a single, centralized repository built in a relational architecture. That means you can make changes without fear of breaking dependencies.
Demonstrate Value Quickly
Deploy an out-of-the-box, turnkey baseline configuration that addresses your most urgent use case within 30 days and iterate from there. With Rsam, you can also easily customize the baseline to meet your own unique needs. Iterate each step of the way until you reach 100% of your requirements. This keeps your implementation manageable and moving forward.
Puts Control in Your Hands
Your GRC program is unique to your organization – and Rsam thinks it should stay that way. We give you control over what modules you want to implement and in what order. There is no custom coding or expensive rework if you change your mind. Rsam’s relational architecture leverages a central database so you can build new use cases at your own speed. You save time, resources and money.
Rsam can help you transform GRC from ugly to elegant in 30 days. We keep it simple. Start with your highest priority modules. Add on as you go with a spectrum of modules to meet the most demanding requirements. Whether you need to build an integrated Security Incident Response Platform (SIRP) or get a better handle on your Vulnerabilities, Rsam can help. Rsam’s modules facilitate proactive measures and controls to fill gaps, with comprehensive workflows that trigger fast response.
The Vendor Risk Manager enables organizations to adopt a comprehensive approach to vendor risk that completely addresses their risk and compliance demands.
- Rate and classify vendors using simple classification assessment
- Dynamically assign applicable controls based on vendor classification
- Automatically generate assessment questionnaire based on applicable controls
- Enforce different assessment requirements and frequencies by vendor criticality
- Delegate administration of vendor survey responders to vendor key contacts
- Enable ad-hoc delegation of assessment questions and streamline aggregation of responses
- Reduce vendor training and support requirements with intuitive web based assessment interface
- Measure and report compliance by vendor criticality, by region, or by business unit
- Provide a single repository for all vendor compliance and risk related documents, including policy and control, evidence and supporting document, exceptions and approvals, contracts and service agreements
- Collaborate with vendors on remediation of identified gaps and monitor resolution status
The RiskVision Vendor Risk Manager provides the scalability and flexibility to create a repeatable and sustainable vendor risk and compliance management program. Built on the RiskVision integrated Governance, Risk, and Compliance (GRC) platform, RiskVision,
Vendor Risk Manager enables organizations to adopt a comprehensive approach to vendor risk that completely addresses their risk and compliance demands. With RiskVision, organizations can quickly measure current vendor risk against any standard, regulation or corporate policy, identify gaps, track remediation eorts, and confidently report on compliance. RiskVision Vendor Risk Manager dramatically reduces the time and cost associated with managing vendor risk programs while improving the ability to accurately calculate risk exposure and properly manage risks within acceptable tolerance levels. By centralizing data, automating manual activities and enabling continuous processes, companies can consistently apply controls, gain better visibility into vendor related risk, make more informed decisions, and demonstrate vendor compliance in real-time.
RiskVision Risk Manager is easy to use, deploy, and maintain so that organizations can quickly realize time to value. RiskVision enables a proactive and intelligent approach to vendor risk management by centrally managing vendor information, controls, risk, to easily map their existing vendor assessment processes. Once controls are tested, and view of vendor risk across the organization.
Centralization of data allows organizations to maintain a holistic view of their vendor risk assessment programs. RiskVision Vendor Risk Manager provides a central repository for all vendor contact details, contracts, risk, and compliance related information. Frameworks, controls, risk, evidence, and results are stored on a single searchable platform to provide current and up-to-date vendor information to company stakeholders.
Unified Security Service
Censornet USS enables you to monitor and control Web, Email and Cloud Application use to provide complete security for your organisation from one dashboard.
- Cloud Application Visibility
- Cloud Application Control
- Safe anywhere on any device
- Safe Web Access
- Email Security
- Safe from Malware
- Analytics across email, web and applications
- Fast and Unobtrusive
Censornet USS enables you to monitor and control Web, Email and Cloud Application use to provide complete security for your organisation from one dashboard. You can protect your employees, whether in the office or mobile, against cyber-attacks, and accidental or malicious leaks of sensitive data. Keeping your organisation safe from from the risks associated with the rapid growth in cloud applications, and the emergence of Shadow IT. USS is a comprehensive cyber security service that combines modules for the security, monitoring and control of web, email and cloud application across your network in one dashboard and logging service, meaning that common policies can be easily applied and incidents tracked across different media. USS provides the security and control of an on-premise or end point component with the flexibility and mobility of a cloud service. It is the next generation in Email and Web security with Cloud Application Control giving you the power to extend web access policies to Bring Your Own Device initiatives and to monitor and control Shadow IT.
- Software for Networks
- Available as a downloadable software, CensorNet’s Cloud Gateway software can be deployed on a virtual server or physical server in less than 30 minutes to extend security policies to the entire network
- Agent Software for Roaming Users or Standalone Devices
- Microsoft Windows agent that enforces policies on the device. Tamper proof and simple to deploy either with an install wizard or scripted via Active Directory Group Policy. Mac OS X version will be available soon.
- Secure Browser for iOS
- A secure browser app for iOS6 and above provides an alternative to Safari which extends the web access controls to the mobile device
- Highly optimised for large networks, the solution takes advantage of multiple processors, all available RAM and has a 64-bit architecture
- Deployment Modes
- Agent software, Direct proxy (set by group policy, WPAD or manually), or gateway mode for guest, BYOD or non-domain devices
- WPAD Support
- Automatic creation of Web Proxy Automatic Discovery (WPAD) file based on network configuration
- BYOD Captive Portal
- The Captive Portal allows existing users or guests to adopt BYOD and log in from those devices with valid user credentials e.g. Active Directory
In todays connected world, Web & Email Services are critical business tools. Your company has to protect it’s users from multiple internet borne threat vectors at all times on all their devices, from smartphones to laptops and desktop computers.
We provide a full service offering from consulting, gap analysis, architecture & design, implementation and management of:
- Hybrid Cloud mail and web gateway services incorporating Cloud application control
- Integration with Data Loss/Leakage Prevention (DLP) Services
- Application Aware Content Filtering Capability
- Advanced Zero Day Threat Detection Capability with Global Threat Intelligence Feeds
- Enhanced management of Office365 and Gmail (Granular Security Features that appear in our Portal making these platforms safer to use)
In todays connected world, Web & Email Services are critical business tools. Your company has to protect it’s users from multiple internet borne threat vectors at all times on all their devices, from smartphones to laptops and desktop computers. The widespread use of mobile and BYOD platforms has resulted in a vanishing perimeter. Modern web & email gateways have become increasingly complex to configure and manage. They handle huge volumes of digital traffic and need to constantly update their malware, adware, URL reputation services and anti-spam engines. The high adoption of cloud-based email services, like Office365 and Gmail, coupled with an upsurge in mail-borne cyber attacks incorporating ransomware has brought renewed focus to effective web and email security. We provide a thought leadership together with niche services in this domain for any size of business. Hybrid or Cloud-based solutions – seamlessly implemented & managed for you by our Gateway Security Team. This is a subscription service.
The overall objective of penetration testing is to provide an independent and reliable view of the security of the internet-facing infrastructure of an IT environment.
Penetration testing is recommended annually, and in the event of major changes to your infrastructure. It is essential for companies holding intellectual property, information linked to personal identities, or financial information such as credit card data – and is often mandated by regulators. Penetration testing will help:
- Prevent severe financial losses that could arise due to unreliable infrastructure or fraud
- Provide the necessary proof of due diligence for regulators, customers, and shareholders
- Protect the brand from the dreadful loss of reputation
Penetration testing is a crucial element in securing your IT systems. Our team of experts can simulate an attack on multiple levels to determine whether sensitive data is at risk. The overall objective of penetration testing is to provide an independent and reliable view of the security of the internet-facing infrastructure of an IT environment. The assessment identifies weaknesses and vulnerabilities and quantifies the severity thereof – providing the information needed to address and control the threats.
Penetration testing is a ‘mock’ or staged attack to identify vulnerabilities in information systems. Our testers, ‘white hat hackers’, put themselves in the position of someone determined to gain access to resources without knowledge of usernames, passwords and other normal means. Like a hacker or cyber criminal, they try every trick in the book, every possible plan of attack. They find the ways applications could be modified, and confidential information such as price lists or customer databases stolen or subverted. They then provide a report – explaining how they ‘broke in’ and how an organisation can avoid it happening ‘for real’.