RiskWatch for Information Systems™ is the most accurate, comprehensive way to conduct governance, compliance and risk assessments based on international standards including ISO 17799, ISO 27001, COBIT 4.0 and Sarbanes Oxley (SOX). The RiskWatch for Information Systems™ software includes a simple web-based questionnaire application. This can also be used on an internal server, or hosted, to facilitate the gathering of responses from management and IT system users. Respondents simply answer the questions, and their answers are imported for analysis. Combined with a full threat assessment, control analysis and patented algorithms. RiskWatch automatically analyzes all data, and creates management reports detailing compliance vs. non-compliance, backed up with a complete set of working papers. Return on Investment is calculated for each safeguard and a Case Summary Report is generated to show Compliance vs. Non-Compliance, Protection Levels, Annual Loss Expectancy Data by Asset Category, Threat or Loss Impact Category. The report demonstrates which security measures are most effective for your organization, and which ones give you the most bang for your buck.

It can be installed on your desktop PC or network server and it eliminates 50%-70% of the work of doing a manual risk analysis. It includes an Asset Configuration Tool, based on a standard capital expenditures allocation, so that you can instantly populate asset information fields. Default data on threat frequencies, and the cost of applicable safeguards (controls) is included.