OLISTIC is a web-based software solution designed to enable organizations to achieve all of the benefits possible from an enterprise risk management process. It has a friendly and intuitive user interface and supports multiple risk management domains. Its rich risk scenario library, available out of the box, enables it to be easily configured by business process owners. This offers significant time savings and reduced total cost of ownership over bespoke and toolkit-based solutions. It is available both as an in-house deployable solution, where data control, security and integration are important, and as a hosted SaaS-based solution.
Covering technical vulnerabilities and exposures for computer software and hardware according to the US National Vulnerability Database.
Including physical, logical, human resources, supply chain, system development, legal and compliance sub-domains according to international standards and best practices such as ISO 27001 and ISO 27005.
According to the requirements of the EU General Data Protection Regulation and national personal data management legislation.
According to the ISO 22301 and ISO 31000 international standards.
Assessment of environmental aspects according to the ISO 14001 international standard.
Assessment of risks in the work environment according to the OHSAS 18001 international standard.
OLISTIC provides an innovative perspective for the management of corporate assets, which can be classified according to type, grouped hierarchically, associated with organizational units within the company or even different organizations and related to each other according to their logical or physical interconnections.
OLISTIC is constantly updated via the US National Vulnerability Database with the latest identified vulnerabilities and exposures (CVE) and the naming scheme for information technology systems, software, and packages (Common Platform Enumeration - CPE Dictionary). OLISTIC works together with market-established network mapping software tools in order to automatically scan and identify computer assets.
OLISTIC features a rich library of risk scenarios, tailored to each risk domain and asset type, which enables the fast and efficient population of the risk assessment. Additionally, OLISTIC provides suggested controls in order to mitigate risks, based on international best practices.
OLISTIC calculates risk levels across assets, asset groups, processes, organizational units or other business aspects. Risk assessment scenarios include:
• initial risk levels before factoring in existing controls
• current risk levels taking into account controls already in place
• future risk levels achieved by the introduction of additional controls
• residual risks.
OLISTIC has been designed to facilitate compliance with the General Data Protection Regulation, which will affect all organizations handling Personally Identifiable Information of EU citizens. It enables the modelling of personal data flows across corporate processes and information systems and fully supports the preparation of a Privacy Impact Assessment, to identify and quantify privacy risks for the data subjects.
OLISTIC helps you easily generate and compare alternative risk treatment scenarios in order to reach informed decisions, documented contingency plans and an enterprise risk management approach. In fact, OLISTIC can take into account the cost for implementing alternative controls in order to calculate the most cost-efficient risk management strategy.
Assets are assigned owners, across organizational units or even companies. The interrelations of assets, the exchange of information and any logical or physical connectivity between assets enable threats to spread across the company and cause risks to manifest on assets unexpectedly. OLISTIC analyzes the entire network, taking into account the type of asset and a rich set of attributes and conditions in order to calculate the propagated risk.
OLISTIC scans a wide range of sources across the Internet, social media and discussion fora in order to identify potential zero-day vulnerabilities, hot security issues and risk trends, and instantly notifies risk managers so that they can update the risk assessment and introduce additional risk controls.