Agiliance RiskVision is a risk management and compliance automation platform that streamlines IT risk management and reduces compliance costs. It provides visibility into risks across the enterprise and helps prioritize the most critical assets. The platform automates assessments, tracks remediation efforts, and delivers dynamic risk modeling to support business decisions. It also provides executives with accurate and up-to-date transparency into risk and compliance status.
Developer Data Modeling Mistakes: From Postgres to NoSQL
Agiliance RiskVision Streamlines IT Risk
1. Agiliance RiskVision 4.0
“Not only did the IT Risk Management and Compliance Automation Platform
Agiliance solution
alleviate some
immediate pain through
automation of the
seemingly never-ending
list of compliance
assessments, I believe it
will ultimately help us
implement a proactive
and cost effective risk
management strategy.” Agiliance RiskVision™ is a complete IT • Improves risk management efforts:
risk and compliance management system Agiliance RiskVision supports an
— Shane Fuller, designed to help organizations keep pace “always-on” proactive approach to risk
Information Security
with the expanding requirements of IT management that helps companies gain
& Compliance
Manager, compliance and operate at their highest enterprise-wide visibility into risks and
RSA Insurance level of performance. With powerful risk reliably report on current IT risk exposure.
management and automation capabilities, • Supports effective governance:
companies can reduce compliance related Agiliance RiskVision allows organizations
costs by up to 70% and improve oversight to measure and report on the
of IT compliance initiatives. Our integrated IT effectiveness of risk and compliance
risk and compliance management platform initiatives, better align IT strategy with
is being used by some of the world’s largest strategic business goals, optimize
companies to solve their most pressing existing security investments and IT
issues including business continuity resource usage. This combined with
management, vendor risk management advanced risk methodologies and
and compliance management. dynamic modeling allows businesses to
make risk-informed strategic decisions.
SOLUTION BENEFITS
• Rapid deployment and long term
• Delivers real cost savings: Agiliance
ROI: Agiliance RiskVision was built from
RiskVision supports repeatable,
the ground up as a standards-based
sustainable controls monitoring, testing
product that supports the extensibility,
and reporting processes to reduce
reliability and usability requirements
compliance related costs by up to 70%.
of today’s enterprise. The solution
• Streamlines existing compliance accelerates time-to-deployment with
processes: The product helps businesses advanced configurability features and
reduce time to compliance by up to extensive interoperability with third-
80% and maintain ongoing compliance party applications.
with mandates without invasive and
expensive overhauls of IT infrastructure.
2. BUSINESS CHALLENGE helps businesses strategically manage
Successfully balancing today’s risk compliance demands and allocate IT budget
“Agiliance RiskVision management, cost reduction and compliance and resources based on business objectives.
equation can be a difficult feat. As security
is purpose-built from
incidents and new regulations continue to AGILIANCE RISKVISION OVERVIEW
the ground up to grow in number and complexity, businesses Agiliance RiskVision arms companies with an
what it is intended to often find themselves diverting precious staff efficient, repeatable and continuous process
time and operating budget away from growth for IT compliance and risk management. It
do – provide IT-GRC
supporting initiatives to reactive activities such provides complete visibility into current risk
management. Since it as regulatory audits. status and delivers the accurate intelligence
and analytics required to ensure informed
is not a suite of glued
As demands to control the bottom line business decisions based on risk posture can
together products, it increase and regulators become even more be made with ease and confidence.
does not need to be aggressive, over-investing in compliance-
related programs can negatively impact a RISK MANAGEMENT DATABASE
integrated to work.
company’s ability to fund future growth Agiliance RiskVision is the only product
From the beginning, initiatives. For businesses that want to on the market that features a unified
sophisticated risk break out of the current inflated threat and Risk Management Database (RMDB) that
compliance-driven spending model to develop automatically aggregates and correlates data
intelligence and a more resilient and cost-effective IT risk and controls across systems, people and
management went management process, Agiliance RiskVision processes as well as controls from standards,
into the product.”
— Peter Stephenson
Senior Editor
SC Magazine
3. frameworks, policies and regulations – Controls are automatically mapped to entities,
out-of-the-box without the need for whether people, processes or systems, based
“Agiliance comes custom development – to serve as a single on profiles. By providing a mapping of all
authoritative source of IT risk from IT and policies, controls and regulatory requirements,
out on top in terms of
non-IT entities. Agiliance RiskVision automatically rationalizes
risk functionality that controls across multiple regulations, thereby
provides, out of the box, Provides authoritative source of IT risk. reducing overall effort and cost required to
Agiliance RiskVision collects risk data from meet regulatory requirements. Unlike security
the most standards-
non-IT entities like people, vendors, and automation point solutions or process-
based methodologies processes using web-based e-surveys and related GRC applications, Agiliance RiskVision
automatically imports risk data from a wide combines data and test results from both IT
for analyzing IT risks.”
range of IT, security and compliance assets. and non-IT entities to dissolve organizational
— Marc Othersen silos and provide an authoritative single view
Senior Analyst Streamlines compliance efforts across of IT risk across the enterprise.
Forrester Research multiple regulations and best practices.
Agiliance RiskVision ships with a content-rich
Common Control Framework that premaps
controls across over 30 regulations and
industry mandates (e.g., SOX, HIPAA, PCI,
GLBA, and NERC), many standard frameworks
(e.g., ISO 17799/27001/27002, CobiT, and
NIST SP800-53/SP800-66), 10,000+ controls
and sub-controls, and 200+ key risks as well ANALySIS AND WORKFLOW ENGINE
as best practices, threats, vulnerabilities and Agiliance RiskVision supports an “always-on”
integration with live threat data feeds. proactive approach to risk management that
helps companies gain enterprise-wide visibility
into IT risks and reliably report on current IT
risk exposure by transforming and linking
entities, regulations, policies and controls
to risk scores. With the ability to accurately
monitor and report policy and compliance-
related violations and track remediation
efforts, business can proactively manage
corporate risk.
Delivers centralized policy management.
Agiliance RiskVision enables IT, risk and
compliance managers to create new policies,
promote policy awareness, manage policy
exceptions, assess policy compliance, and view
risks that may arise from non-compliance.
Policies are linked to controls and can be
linked to risk as well – allowing analysts
to view risk of non-compliance. Complete
4. policy authoring, review, approval and assessment projects. E-surveys can be
dissemination capabilities based on delegated to teams or individuals and the
“We’re working with multi-stage workflow are built-in to system assures that the right people are
the application. The product includes responding to the surveys. The solution
Agiliance because
awareness campaigns that can be used to enables multiple assessment projects to
their product met promote, communicate and test employees’ run simultaneously and scales to conduct
our key criteria understanding of policies. assessments on tens of thousands of entities.
which include easy
Provides a complete closed loop risk
integration with our management system. The product
company’s existing provides continuous visibility into the
monitoring, management and reporting of
applications.” risks and controls across departmental and
— Oliver Eckel, geographical boundaries to help eliminate
Head of silos. Agiliance RiskVision calculates current
Corporate Security, risks, inherent risks and remedial risks with
bwin Interactive operational risk scoring of controls down to
Entertainment AG
the sub-control level across 10,000+ controls
in the Common Control Framework. The
product supports multiple risk methodologies
including ISO 27005, ISO 31000, and COSO
Automates Assessments. Agiliance ERM and risk assessment types, such as, IT
RiskVision streamlines assessments using risk, ERM, KRI trending and threat models
web-based e-survey questionnaires and so that companies can anticipate potential
automated workflow with the ability to threats and react appropriately.
import findings in multiple formats and from
multiple sources. E-survey questions are
automatically generated based on controls,
delivered and tracked based on configurable
workflow to help avoid dead-ends and
project delays. Survey responders can attach
evidence in the form of csv, pdf, excel or
word files (e.g. structured files containing
activity or time stamp data from systems
such as physical access control, building
management or fire protection systems for
data centers) for use by auditors. Powerful
project wizards allow assessment projects to
be quickly initiated and easily configured The product automatically prioritizes IT
using pre-defined workflows or previous assets such as servers, applications and
network devices that need to be monitored
for risk so that the most critical assets can
be addressed first, e.g., those containing
personal identification information, medical
records or credit card information. Using
5. this intelligence, decision makers can be
confident that budget is being wisely allocated
“Agiliance is one of towards the most critical assets – eliminating
the solutions we use overspending on shotgun approaches that
may add unwarranted controls across the
in Arizona as part of entire IT environment.
our overall effort to
To provide end-to-end risk management,
take an “always on”,
Agiliance RiskVision automates remediation
proactive stance to and mitigation workflows with a native
security and risk so that ticketing system and integration with internal
ticketing systems, like BMC Remedy and HP
we can stay ahead of
Service Center, and ensures that remediation,
evolving threats and exception handling and delegation to teams is Delivers dynamic risk modeling to support
handled in a efficient manner. informed business decisions. Agiliance
preserve confidence in
RiskVision delivers powerful “What-If” risk
government services.” modeling capabilities to study the effects
of applying specific controls before changes
— Fred Sargeson
are made. With roles-based views, managers
General Manager
NIC- State of Arizona across the enterprise can assess the impact
of various risk mitigation plans including the
cost of downtime and the cost of replacing
the asset to make real-time decisions about
INTELLIGENCE CENTER remediation versus accepting or transferring
With intuitive risk performance dashboards the risk. Agiliance RiskVision allows risk
and powerful analytic tools, Agiliance parameters to be expressed in dollar values,
RiskVision allows companies to pull together making it easy to compare the cost of controls
the interdependent disciplines of security, to their effectiveness in mitigating the
compliance and risk to establish more corresponding risks. This, in combination with
accountable and effective IT governance powerful trending tools, allows executives to
without the associated high costs and easily track and measure the effectiveness of
inefficiencies of disparate programs. Agiliance risk and compliance programs over time.
RiskVision helps companies evolve their risk
management processes by providing current Ships with over 150 standard templates to
and accurate visibility into how IT risk affects document compliance and communicate
the entire organization and by enabling rapid, risks. The built in reporting capabilities help
informed decision making on allocation of IT companies to efficiently meet regulatory
security investments and risk posture to ensure and executive reporting requirements. With
business resiliency. By combining advanced customization features and real-time data-
quantitative and qualitative risk analysis feeds, users can create up to the minute
techniques, customers have the degree of content-rich reports for auditors and
granularity needed to make informed risk- executives within a matter of minutes. The
based decisions. product allows users to report on compliance