1. Introduction
    1. System Requirements
    2. Setup and Installation
  2. Getting Started
    1. Creating a Database
    2. Email Configuration
    3. Web Module Setup
    4. Web Module Update
  3. Navigating RM Studio
    1. Main Menu
      1. Save Function
      2. Import External Data
        1. Import Assets
      3. Clear User Cache
      4. Security
      5. Properties
      6. Languages
      7. Registration
      8. User Manual
      9. Manage Checkouts
      10. About
      11. Application Style
    2. Navigation Tree
    3. Tabs
    4. The Grid
    5. Context & Flow
  4. Common Entities
    1. Business Entities
      1. Asset Details - Basic Information tab
      2. Asset Details - Risks tab
      3. Asset Details - Categories tab
      4. Asset Details - Business Entities tab
    2. Contacts
    3. Teams
    4. Assets
    5. Asset Categories
    6. Asset Attributes
    7. Threats
    8. Standards/Controls
      1. How to: Standards, Regulations, Controls
      2. Standards Implementation Comparison
    9. Documents
  5. Gap Analysis
    1. How to: Gap Analysis
    2. Reporting
  6. Risk Assessment
    1. How to: Risk Assessment
      1. Risk Assessment Overview
      2. Adding Assets
      3. Adding Risks
      4. Evaluation Values
      5. Evaluating Risks
      6. Various Definitions
      7. Risk Assessment Reporting
    2. Risk Owner Tasks
    3. Risk Profile
  7. Web Module
    1. Dashboard
    2. My Tasks
    3. Reports
    4. Standards/Regulations
    5. Documents
    6. Incidents
    7. Risk Owner Web Solution
  8. Control Assessment
    1. Control Assessment Templates
    2. Control Assessment
    3. Reports - Control Assessment
  9. Risk Treatment
    1. How to: Risk Treatment
      1. Risk Treatment Templates
      2. Risk Criteria
      3. Asset Level
      4. Controls Tab
      5. Scheduling a Future Control
      6. Future Controls Tab
      7. Overview
      8. Reload Assets, Threats and Controls
    2. Risk Treatment Reports
  10. STPA
    1. STPA Projects
    2. Models and Diagrams
      1. How to: Create CS Models
      2. How to: Create CS Diagram
        1. Diagram Elements
        2. Models Progress Check
    3. Analyses
      1. How to: Define Purpose of Analysis
      2. Losses
      3. Hazards
      4. Relationship
      5. Constraints
      6. How to: Identify UCAs
      7. How to: Identify Loss Scenarios
        1. Loss Scenario Progress Check
    4. Reporting
    5. Global Properties
  11. Business Continuity Management Module
    1. Organization
      1. New Organization
      2. Stakeholders
      3. Resources/Processes
        1. Impact Analysis
        2. Requirements
    2. Incident Response/Recovery
      1. Associated Threats
      2. Plans
        1. Steps
      3. Maintenance
        1. Test plans
        2. Test Results
    3. Templates
    4. Maintenance
    5. Reports BCM
  12. Database Settings
    1. Database Upgrade
    2. Add Existing
    3. Remove
    4. Migrate
    5. Backup
    6. Restore
  13. Glossary
  14. Calculations

5.1.How to: Gap Analysis

The RM Studio Gap Analysis is a great place to start with any Standard or Regulation. The Gap is used to establish the baseline for the implementation process and to gain a clear understanding of the requirements included. The Gap can be made on one Standard or multiple Standards and Regulations if desired.

The Gap Analysis in RM Studio provides users with the initial or follow up view (during internal audits) of the implementation, but the Gap can be combined with the Control Maturity and Effectiveness Assessment to further understand the actual compliance or success of the control implementation.

How to Perform a Gap Analysis

  1. After opening the Gap Analysis under Risk Management in the tree, click the ‘+’ to create a new Gap.
  2. Select the Standard, Regulation, or Control Set from the drop down list in the popup window ‘Add Gap Analysis’.
  3. Select the Business Entity in the same manner and then click the ‘Ok’ button. 

    Note: In order to use multiple Standards or Control Sets, user must first choose one Standard in the manner above, then add the additional Standard or Control Sets inside the newly created Gap Analysis (instructions are below).

 

4) After creating the new Gap, it opens in a new tab. Also, a new row of tabs are added below. Under the General Information you need to input a name for the new Gap.

5) The Description of the Gap Analysis should be filled in clearly and concisely along with any other relevant information. On the right side an option to set a time frame is available, but it is not required.

 

Controls

Under the Controls tab you will find all the Controls from the Standard you chose to work with when you created the Gap Analysis. Below the list of controls you will find the Control Information Pane that lists information about the Control as well as the Implementation Guide for a particular Control.

Implementation

Finally, in the Implementation tab, you will define if and how your organization will implement each Control.

You can set a responsible person for the implementation of a given Control. To designate a responsible person you must select a registered user from the Responsible drop down box.

Status

As you go through the Controls you will decide whether the Control is “Not Applicable” for your organization. If you determine the Control is applicable you must then determine whether it is Not Implemented, Partially Implemented, Fully Implemented, or a Future Control. Future Control means that you plan to implement the Control at a scheduled time in the future. Note that only controls with “Implemented” status serve for reduction of  risk in the risk treatments.

Justification

In the Justification text box you should write the clear and concise reasoning for the defined status of each Control. A thorough justification will help you later to remember your reasons for giving a Control a particular Status.

Suggest Edit