
4.8.2. Standards Implementation Comparison

RM Studio version 5.3 introduced a time-saving feature: the Standards Implementation Comparison, a tool for mapping one standard (regulation, controls) to another standard, regulation, or control set. A common example in practice is an organization that has already implemented ISO/IEC 27001:2013 and now must comply with the EU GDPR.

An example of this new mapping feature follows:

  1. Double-click Common – Standards/Controls to open it in the workspace.
  2. Select the Standard/Regulation/Control set you want to map to another Standard/Regulation/Control set by clicking the arrowhead.
  3. Under Item Details – General Information, select the Standard Mappings tab to create a new mapping from the Standard/Regulation/Control set already selected in step #2 above.
  4. Under the Standard Mappings tab, click to begin a new mapping.
  5. Input a Name for the mapping.
  6. Enter a description to define the mappings, such as source or emphasis, along with the other relevant information and save (Ctrl+S) to complete the action.
  7. Under the Standards and Controls browser, click the arrowhead to open the clauses or articles.
  8. Double-click the line item to open the Item Details.
  9. Click the Control Mapping tab.
  10. Choose the Implementation for the item if this information is known.
  11. Click the to present the deployed Standards/Regulations/Controls data.
  12. Select the Standards/Regulations/Controls you want to map to the item.
  13. Select the controls required for the mapping.
    Remember to use the Shift key and Control key to group select the controls.
  14. Click ‘Ok’ to complete the action. You can also save now or after you have finished your task.
    Example below shows the GDPR Article 12 mapped to ISO 27001: A.12.1.1, A.14.1.1, A.16.1.1, A.16.1.2, A.16.1.3, A.16.1.4, A.16.1.5, A.16.1.6, A.16.1.7.

    After completing the new mapping, as you can see from the example below, you are presented with the list of ISO 27002 Controls mapped to the GDPR Article 12. This is also a good time to review the Implementation of the primary item, Article 12. If you know that all the controls now mapped to the Article have been implemented, select Full Implementation. If only some of the controls have been implemented, select Partial Implementation.

Saving the mappings now is a good idea.
