Abstract: An applications access re-certification system is disclosed. The system is used for approving and re-certifying a user's access rights to applications stored or existing in an institution's computer system based on reviewing in a configurable timeframe the user's functional roles by designated reviewers. The system is used to ensure security of the applications by means of a reviewing process. The system is used to automate the re-certification process by means of a computer-controlled re-certification system which automatically operates in a defined methodology under control of re-certification administrators. The system could perform a management summary of access rights to the applications, and a automated scorecard to monitor the re-certification progress. The system could carry out a control process to ensure the changes to existing permissions are effectively managed at source destinations. The system has a capability of initiating multiple approvers for re-certifying a user's access rights.

Abstract: A system and method for assessing the risk associated with Outside Service Providers. A decision engine is provided to assess monitor and manage key issues around the risk management capabilities of the OSP. The system creates a core repository that manages, monitors and measures all OSP assessments across an institution (e.g., a corporation). The system and method employs automated questionnaires that require responses from the user (preferably the manager of the OSP relationship). The responses are tracked in order to evaluate the progress of the assessment and the status of the OSP with respect to compliance with the enterprise's requirements for OSPs. Once a questionnaire has been completed, the OSP can be given an overall rating of exposure to various forms of risk. Areas of risk can be acknowledged, prompting a sensitivity rating, such as severe, negligible and so forth.

Abstract: A system for tracking compliance to risk management policies for a given enterprise that provides risk status feedback on hierarchical managerial levels. The system notifies users of potential problems with non-compliance of enterprise policies set on a high level of enterprise management, and prompts the users to take steps to achieve compliance. The enterprise policies are designed to protect the enterprise from various forms of risk associated with enterprise activities. Accordingly, minimizing risk across enterprise operations, subdivisions, projects and applications produces an overall benefit of reduced liability or exposure to liability for the entire enterprise. A compliance status is provided by business groups at all levels of the enterprise, and consolidated for each management level to which the risk status is promoted.

Abstract: A system and method for assessing the risk associated with the protection of data privacy by software application. A decision engine is provided to assess monitor and manage key issues around the risk management of data privacy. The system creates a core repository that manages, monitors and measures the data privacy assessments of applications across an institution (e.g., a corporation). The system and method employs automated questionnaires that require responses from the user (preferably the manager responsible for the application). The responses are tracked in order to evaluate the progress of the assessment and the status of the applications with respect to compliance with the enterprise's data privacy policies and procedures as well as the regulations and laws of the jurisdictions in which the application is operated.

Abstract: A system and method for assessing the risk associated with the protection of data privacy by software application. A decision engine is provided to assess monitor and manage key issues around the risk management of data privacy. The system creates a core repository that manages, monitors and measures the data privacy assessments of applications across an institution (e.g., a corporation). The system and method employs automated questionnaires that require responses from the user (preferably the manager responsible for the application). The responses are tracked in order to evaluate the progress of the assessment and the status of the applications with respect to compliance with the enterprise's data privacy policies and procedures as well as the regulations and laws of the jurisdictions in which the application is operated.

Abstract: A system and method for assessing the risk associated with Outside Service Providers. A decision engine is provided to assess monitor and manage key issues around the risk management capabilities of the OSP. The system creates a core repository that manages, monitors and measures all OSP assessments across an institution (e.g., a corporation). The system and method employs automated questionnaires that require responses from the user (preferably the manager of the OSP relationship). The responses are tracked in order to evaluate the progress of the assessment and the status of the OSP with respect to compliance with the enterprise's requirements for OSPs. Once a questionnaire has been completed, the OSP can be given an overall rating of exposure to various forms of risk. Areas of risk can be acknowledged, prompting a sensitivity rating, such as severe, negligible and so forth.

Abstract: A system and method for assessing the risk associated with the protection of data privacy by software application. A decision engine is provided to assess monitor and manage key issues around the risk management of data privacy. The system creates a core repository that manages, monitors and measures the data privacy assessments of applications across an institution (e.g., a corporation). The system and method employs automated questionnaires that require responses from the user (preferably the manager responsible for the application). The responses are tracked in order to evaluate the progress of the assessment and the status of the applications with respect to compliance with the enterprise's data privacy policies and procedures as well as the regulations and laws of the jurisdictions in which the application is operated.

Abstract: A system and method for developing, assessing testing and implementing plans and procedures for managing crisis events and providing continuity to business operations in cases of business interruption. Such business interruption can occur due to a variety of reasons including physical facility emergency. The continuity in business operations relates at least to real estate, and critical business resources such as computers, databases and applications. The system includes a core repository that manages, monitors and measures all core continuity processes across an institution (e.g., a corporation). Once an emergency had been identified, the system links the continuity plans to crisis team initiatives across the corporation. The system provides an executive level ‘state of health’ reporting facility to enable executives (managers) to assess the state of the business and the execution of the continuity plans in real time.

Abstract: A system for tracking compliance with policies related to management of risk for a given enterprise provides risk status feedback on a number of managerial levels. The system notifies users of potential problems with non-compliance of enterprise policies set on a high level of enterprise management, and prompts the users to take steps to achieve compliance. The enterprise policies are designed to protect the enterprise from various forms of risk associated with enterprise activities. Accordingly, minimizing risk across enterprise operations, subdivisions, projects and applications produces an overall benefit of reduced liability or exposure to liability for the entire enterprise. A compliance status is provided by business groups at all levels of the enterprise, and consolidated for each management level to which the risk status is promoted.