CALL US TODAY : (0)20 8798 9282

Risiko365 User Guide and FAQ

Licensing

The free trial version of Risiko365 can handle up to 10 records. To work with more records a license is required.

The license will cover a single SharePoint URL (for example https://contoso.sharepoint.com/sites/infosec) and as many users as you can add to that SharePoint.

The license can be either trial (free), quarterly or annual.
https://jscconsultant.co.uk/risk-management-tool/risk-management-tool-license-key/

 

Installation

https://jscconsultant.co.uk/risk-management-tool/risk-management-tool-download/

 

Risk Module

The risk management module is based on an asset risk assessment process where you select assets, determine the risk, likelihood, impact, mitigation, treatment plan and residual risk. You would score the risks based on likelihood and impact and then select controls to mitigate any risks that are not accepted. The module will then help you manage the risk treatment plan as well.
https://jscconsultant.co.uk/risk-management-tool/risk-assessment-and-treatment-process/

 

Incident & Action Module

The action module is where you log a nonconformity, an incident, an event, an opportunity for improvement or an action from your management review. You determine root cause, corrective action, owners, plans and deadlines.
https://jscconsultant.co.uk/iso-information-security-incidents/
https://jscconsultant.co.uk/iso-nonconformity-and-corrective-action/

 

Recurring Action Module

The recurring action module is the module that will help you with all those recurring tasks that are built into your ISMS. These could for example be to run an annual management review or a quarterly business continuity test exercise. In this module you set the action once and the module will help remind you, it will enable you to record the outcome of the action (so you have evidence to show the auditor) and once an action has been done a new action will be set according to the chosen frequency.

 

Dashboard

The dashboard is reporting real time on your ISMS. It will for example report on

  • Risk Heat Map
  • Trends
  • Overdue risks
  • Root cause analysis
  • Age of actions
  • Overdue risk/actions by owner
  • Etc.

 

Audit Log

An audit log of all changes are kept and an admin user can access that either per item by clicking the audit log icon next to the item or using the audit log module.
https://prnt.sc/Zsw9rcOfG40Q
https://prnt.sc/H9ierwqc1GS8

 

Role Based Access

On the Configuration Module the Super Admin can specify two roles:

  • The Admin role which will have access to all modules and data within Risiko365
  • The User role which can add items but can only see items that the user is related to

(coming soon)

 

The “+” sign

Whenever you see the “+” sign it means you can easily add a value to the drop down field. Risiko365 has a number of predefined values, but this is an easy way for a user to add a custom value to:

  • Risk Asset Category
  • Risk Asset
  • Risk
  • Risk Impact
  • Recurring task

 

The Super Admin

The Super Admin role is setup with the license and can access the database tables where data can be added and deleted.
This feature is not available in the trial version.

 

Due Date

The due date will send you a reminder email when an item (risk, action or incident) is due. This can for example be when you expect a risk mitigation to have been implemented or a corrective action to be implemented and closed.

 

Review Date

The review date will send you a reminder email when an item (risk, action or incident) is due a review. This is for example used when a risk has been closed and you want to review the risk at a later stage, or when you have implemented and closed a corrective action and you want to review the effectiveness of the corrective action at a later stage.

 

Search

On each of the module screens you can either search in one of the specific fields or you can search across all fields in the database.

For example in the risk owner field search for a name to display all risks with that owner or use the general search field to search for any risk that contains the word “encryption”.

On the incident and action module there is for example a reference field. Here you could record “Audit dd/mm/yyyy” to then quickly show any findings from a specific audit.

https://prnt.sc/ho5qok4_jbFX
https://prnt.sc/IurhS06WOcfX
https://prnt.sc/JcjndmzYC008

 

Sort

On each of the module screens you can quickly sort a column by clicking the column name.

For example high to low risks or high to low ID number.

https://prnt.sc/mkKK8IKnW5wj
https://prnt.sc/faCxxr0J_h5c

 

Root Cause Analysis

https://jscconsultant.co.uk/wp-content/uploads/2022/01/DOC0.7-Five-why-root-cause-analysis.pdf

 

Export

All data from a module can be exported to a CSV file. It is recommended that a regular export (backup) is done so the app can easily be reinstalled should that be required.

 

Import

An export format CSV file can be imported.
This feature is not available in the trial version.

 

Video

https://youtu.be/4f1pz95vk3Q

 

EULA

https://jscconsultant.co.uk/eula/