Risk Management

Secure IT - To Secure Customer Information and IT Infrastructure from Threats
Datawiz Capability Statement

In today’s challenging global economy, companies face environment risks, process risks and risks involving incomplete or biased information for decision making.

There is a need for identifying, assessing, managing and monitoring the organization’s business opportunities and risks in an integrated and transparent way.

Risk management has been a function within the finance departments of some organizations for many years. However, Enterprise Risk Management as a strategic, tactical and operational instrument to enhance and protect shareholder value while fulfilling regulatory obligations is a recent development in leading businesses, according to Datawiz’s recent High Performance Business research.

Enterprise Risk Management:

Enterprise Risk Management is a process, or framework, that an organization can implement to reach reasonable certainty that its strategic and derived operational (efficacy and efficiency of processes), reporting (reliability) and compliance (laws and regulations, codes of conduct) goals are achieved.

Datawiz’s Enterprise Risk Management enables an organization to change from a fragmented and compartmentalized risk management solution to one that is strategic in overall scope, viewing controls and risk initiatives in a coherent framework, thereby enhancing decision making and analysis to support growth and high performance.

Datawiz’s Risk Management services help organizations elevate risk discussions to a strategic level and embrace two critical facets:

  1. A preventative, control-based aspect focusing on negative events, loss prevention and risk mitigation.
  2. A strategic, entrepreneurial aspect focusing on aligning risk and reward in pursuit of business advantage.

Since the publication of NIST SP 800-37 Revision 1, Datawiz has been following the Risk Management Framework (RMF) for all security assessment activities.

Utilizing the RMF as a framework, as intended by NIST, Datawiz has customized a comprehensive security categorization, selection, implementation, assessment, authorization, and monitoring process that is tailorable for each Federal Agency.

The Datawiz Risk Management Process (DRMP) is structured as depicted in the figure below.

While the DRMP has been in use for a few years now, it has not yet been implemented in a cloud environment. The processes, however, are still the same.

The DRMP, similar to NIST SP 800-37 Revision 1, utilizes 6 steps. These 6 steps, which are outlined above, apply to cloud environments, thereby reducing any hurdles to cloud security assessments. In fact, the FedRAMP requirements and associated procedures/templates are incorporated nicely into the 6 DRMP steps.

The subsections below outline these 6 steps and the process as defined in the DRMP, which Datawiz will employ for all cloud-based information system security assessments.

The DRMP is also heavily focused on quality. Similar to ISO 17020 requirements, the DRMP quality system is focused on designating individuals responsible for enforcing the quality requirements in our Quality System Manual (QSM).

Through the support we have provided our clients over the years, we have been able to streamline our processes and procedures to ensure the implementation of our QSM is standardized and effective. This standardization has been used to support our implementation of Capability Maturity Model Integration (CMMI) Level 2 processes.