You need to take risks to achieve your business goals. Your medium-term plans (MTP) can develop according to one of several scenarios. It will be necessary to regularly check your plans against current internal and external risks to measure their chance of success.

• Identify the Risk Drivers of your business lines per risk category;
• Quantify the Risk Drivers in terms of possible impact on revenue and cost pools;
• What would be an acceptable deviation from your business forecast that you could still tolerate?

CERRIX will make your processes transparent. The graphical representations of the processes will provide insight not only into the flows, but also into responsibilities, risks and (compliance) control measures associated with each process step. The most up-to-date test results will immediately appear in your process flows, giving you insight into the processes in which important controls are not effective, actions still need to be taken or incidents have been reported. The process owners and employees can simply navigate through the processes using a Viewer. This will allow the process knowledge to be easily shared within the organization.

The large number of regulations, laws and standards make management increasingly challenging. Only a couple of years ago, it was still possible to do this by keeping an Excel spreadsheet, but the inefficiencies and the risk of errors involved create the need for a professional approach. Compliance Controls need to be well-anchored in company processes and behavior. It should be possible to easily determine the status of these controls for each compliance framework.

Recent examples of Cyber Risks demonstrate the importance of adequate IT risk management. With CERRIX, you can create a very effective ISMS (Information Security Management System) in a short time.

• Standard IT security compliance templates are available(ISO27001/2; CSA, COBIT, Surfaudit, BiG, DiGiD);
• Standard IT proces templates (BISL);
• Combining IT processes, applications and infrastructure;
• Supporting multiple compliance frameworks, enabling your In-Control checks to be performed efficiently;
• Graphically modelling your IT infrastructure in the CERRIX Risk Universe;
• Work flow for quick follow-up and monitoring actions resulting from IT security incidents;
• Real-time linking with your IT application landscape to collect evidence, such as loggings.

The amount of data collected and generated by you will only increase in the coming years. Do you have sufficient safeguards in place to ensure that your data are properly saved and protected against cybercrime, and that your personnel know how to handle those data? In addition, you will have to comply with an increasing number of legal requirements and regulations. The EU Data Protection Reform that will be introduced at the end of 2015 may have a significant impact on your organization and goes even further than the Personal Data Protection Act. CERRIX allows you to classify data categories, determine risk profiles, control measures (and check them against laws and standards) and the level of effectiveness, and implement any planned actions.

Projects generally don’t develop as planned. That’s hardly surprising, since circumstances and sometimes even goals may change over time. At the start of most projects, a Risk Assessment is therefore performed and Risk & Action logging takes place periodically. Projects and subprojects can be registered in CERRIX. For each subproject (and/or project phase), the risks, control measures, actions, deviations and responsibilities can be established. The work flow in CERRIX efficiently supports your risk management activities. In short, using CERRIX for high-risk projects ensures better management of your projects, thereby also ensuring you get the final result you want.

If you are handling risk management for external partners (asset managers, IT partners, suppliers, implementation organizations, etc.), CERRIX can assist you with supporting the entire risk management process by:

• Registering your external partners;
• Keeping track of risk assessments, possibly with standard frameworks;
• Ensuring that risk assessments/questionnaires are (periodically) completed on-line;
• Scoring results;
• Ensuring that specific evidence is verified;
• Drafting Findings Reports;
• Planning (and monitoring) actions on behalf of the partner;
• The real-time dashboard with the scores and schedules.

CERRIX includes a complete module for inspection management. Assessments can be performed on location using a tablet (off-line). Photos can be added and assessments can then be sent to a central unit, where all assessments can be evaluated and results can be prioritized.

CERRIX tooling was used for the monitoring of the water quality at remote locations during a major sporting event in London, in 2012. Inspections were conducted daily, and findings and/or incidents were acted upon immediately.