Menu

  1. Introduction
    1. Licensing
    2. System Requirements
    3. Setup and Installation
  2. Getting Started
    1. Creating the Database
    2. RM Studio Users/Contacts
    3. Email Configuration
    4. Web Module Setup
    5. Web Module Update
  3. Navigating RM Studio
    1. Main Menu
      1. Save Function
      2. Import External Data
        1. Import Assets
      3. Clear User Cache
      4. Security
      5. Properties
      6. Languages
      7. Registration
      8. User Manual
      9. Manage Checkouts
      10. About
      11. Application Style
    2. Navigation Tree
    3. Tabs
    4. The Grid
    5. Context & Flow
  4. Common Entities
    1. Business Entities
      1. Asset Details - Basic Information tab
      2. Asset Details - Risks tab
      3. Asset Details - Categories tab
      4. Asset Details - Business Entities tab
    2. Contacts
    3. Teams
    4. Categories
    5. Assets
    6. Threats
    7. Standards/Controls
      1. How to: Standards, Regulations, Controls
      2. Standards Implementation Comparison
    8. Documents
  5. Gap Analysis
    1. How to: Gap Analysis
    2. Reporting
  6. Risk Assessment
    1. How to: Risk Assessment
      1. Working with Assets
      2. Evaluation Values
      3. Evaluating Risks
      4. Various Definitions
      5. Risk Assessment Reporting
    2. Evaluation Templates
    3. Risk Owner Web Solution
  7. Web Module
    1. Dashboard
    2. My Tasks
    3. Reports
    4. Standards/Regulations
    5. Documents
    6. Incidents
    7. Risk Owner Web Solution
  8. Control Maturity and Effectiveness Assessment
    1. Control Assessment Templates
    2. Reporting
  9. Risk Treatment
    1. How to: Risk Treatment
      1. Risk Treatment Templates
      2. Risk Criteria
      3. Asset Level
      4. Controls Tab
      5. Scheduling a Future Control
      6. Future Controls Tab
      7. Overview
      8. Reload Assets, Threats and Controls
    2. Risk Treatment Reports
  10. STPA
    1. Intro to Models, Diagrams, Analyses
    2. STPA Projects
    3. Models and Diagrams
      1. How to: Create HCS Models
      2. How to: Create HCS Diagram
        1. Diagram Elements
    4. Performing the Analysis
      1. Setting up the Analysis
      2. System Level Hazards and Losses
      3. Step 1
    5. Reporting
  11. Business Continuity Management Module
    1. Organization
      1. New Organization
      2. Stakeholders
      3. Resources/Processes
        1. Impact Analysis
        2. Requirements
    2. Incident Response/Recovery
      1. Associated Threats
      2. Plans
        1. Steps
      3. Maintenance
        1. Test plans
        2. Test Results
    3. Templates
    4. Maintenance
    5. Reports BCM
  12. Database Settings
    1. Database Upgrade
    2. Add Existing
    3. Remove
    4. Migrate
    5. Backup
    6. Restore
  13. Glossary
  14. Calculations

4.8.Documents

The RM Studio Document Store is an excellent feature that allows users to include documents of any kind that pertain to the risk management strategy. These documents could be the Burden of Proof for an implemented control or policy covering several implemented controls.

Embedding or linking to documents from the RM Studio Document Store can even go a step further by allowing users to link specific documents to controls or requirements. If you are operating with multiple risk assessments and treatments, linking the documents to the controls and requirements makes the process very fluent.

1) To add a document to the Documents store, first create a Document Category by using the ‘+’ button as usual.

2) In the popup window name the Document Category.

3) Assign to a Root Category or Parent Category (select from a drop down list of Root Categories). The Root Category is for projects such as the ISO 27001 certification or similar. The Patent Category is used for grouping documents under a particular category for easy management of documents.

4) Click the ‘+’ button in the toolbar to the right of the newly created document category and enter a name for the new document.

5) Name the new document (can be different than the actual file name) and input a Description for the document.

6) Choose the Source of the new document. Embedded means that you want to import the document into RM Studio, and this is most useful for documents that are reviewed and revised annually or less, as you must import a new document every time you make an edit to the document. External is used for linking to a document on an external source on the network, such as the organizations SharePoint,  documents center, wiki, or organizational manual. Information sensitive or access controlled documents should be considered for linking to the documents.

7) If you are choosing to embed the document, click the ‘Browse’ button and find the document on your system. Select the file and then click on ‘open’ to import to RM Studio or create a link to the document from RM Studio.

8) Use the ‘Open’ button to review the document once imported or externally linked (if the document was linked from an access controlled source and you don’t have access to the source, you can not open the document).

9) The Status is used to set a document as Active or Inactive within RM Studio. Use the inactive status for documents that are no longer applicable to your implementation process (if you have updated the ISMS policy for the new year, but the old ISMS policy was used in previous assessments).

Assigning Controls to the Document

Now that the document is stored (on the database or linked externally) you can assign the document to Related Controls. By assigning the controls to the document, the data can easily be accessed and reviewed in the assessments, saving you time and effort, as well as confirming that a control has been implemented.

1) Check out the document if it isn’t already checked out to you, then select the ‘Related Controls’ tab next to the description.

2) In the popup window choose the standard you want to link controls from.

3) Select all the controls form the list that are related to the document. You can link controls from multiple standards if you have already deployed the other standards.

Help Guide Powered by Documentor
Suggest Edit