Definition and management of the System
1. Risk Context Definition
Allows configuration of the business activities and initiatives, and of the technological and infrastructural elements that support them, that will be included in the management of Risk, together with the context in which the organization operates and the needs and expectations of the parties involved.
2. Identification, Evaluation and Treatment of Risks
The hierarchical asset model, structured by function and layout, allows the representation of complex structures, exploiting the propagation of threats and countermeasures (controls). It covers the definition and application of the Risk Assessment Criteria; identification of the Risks associated with the loss of Confidentiality (R), Integrity (I) and Availability (D) of information; identification of the Risk Managers; Risk Analysis; determination of the Levels of Risk; comparison of the results of the Risk Analysis with the established Risk Criteria; and prioritization of the Risks for the Treatment Actions. The Risk treatment plan is input to the Review.
Allows management of the entire cycle of the objectives, from the definition of the program, the feasibility analysis of each objective, the assignment and management of the activities, their frequency and responsibility, the schedule with warning and alert notifications, and the upload of documentation, to closure and final balance; it is input to the Review. Enables management of approval and information workflows.
4. Operational Controls
Identification and updating of Control Objectives and Controls on the basis of Appendix A of the standard, mapping of Control Objectives and Controls, NC management. Enables management of approval and information workflows.
5. Declaration of Applicability
Allows preparation, on the basis of a checklist, of the Applicability Document covering the Controls and Control Objectives specified in Appendix A.
6. Investigation of Events and Near Misses, NC Management
Allows management of the entire integrated cycle of events and near misses (HSEQ, Energy, Safety Information etc.), from reporting and validation, uploading of documentation, management of immediate treatment, classification of NC, root cause analysis, and the planning and management of CAPA, to closure and final balance; it is input to the Review. Enables management of approval and information workflows.
Allows management of the entire audit process, from the definition of the annual audit program in the different areas (quality, environment, health and safety, energy, etc.) and the generation of individual plans defining the agenda of activities and the points of the standard to be investigated, through the use of the appropriate checklists during execution and the collection of objective evidence, to the preparation of the report of results and the list of NC/OSS and related CAPA. It is integrated with the management flow of the NC/OSS and the CAPA, with the Review, and with the Human Resources database regarding roles, tasks, legal titles and personal data.
8. Business Impact Analysis (BIA)
Defines the priorities and requirements of Business Continuity. It is the process of analyzing activities and the effects that an interruption could have on them, and it allows recovery priorities for critical processes to be established by defining the Maximum Tolerable Period of Disruption (MTPD). The Threat Analysis, on the other hand, promotes the understanding of the risks related to critical processes, their dependencies and the potential consequences in case of interruption. These activities form the basis on which, in the planning stage, the Recovery Time Objective (RTO) and the Recovery Point Objective (RPO) are defined, and on which the strategies and tactics of business continuity and the threat mitigation measures are selected.
Identification and evaluation of indicators of effectiveness and efficiency of controls, framework of effectiveness of the management system.
(European Privacy Regulation GDPR, EU 2016/679)
In KRC™ the data processing operations, the technical prevention measures and the controls, and the offices and persons in charge of the processing are identified. Risk (PIA), residual risk and treatment actions are analyzed and assessed. The information and the processing register are generated. The right to be forgotten is managed.
Integrated Areas and Flows
The processes of Audit, Targets, Operational Controls, Event Management and Non-Conformity and Re-examination are managed in integrated flows for the different Management Systems: Environment, Health and Safety, Quality, Energy, Privacy, Information Security, Anti-corruption, Social Responsibility.
Human Resources Area
- Registry File Management: allows you to manage the integration between the corporate HR Database and the KRC HR Database. It allows the production of personal data sheets: it associates the job, the qualifications and the legal and corporate titles; it composes the training booklet from the training flow, the risk assessment form from the risk assessment flow, the health protocol from the health surveillance flow, and the PPE per task as distributed by the PPE flow.
- Organization charts: allows you to produce the corporate and legal organization chart.
- Roles and Responsibilities: allows the Job Description to be produced with regard to activities and responsibilities from the Procedures and Instructions Management flow.
Norms and Laws Flow for the Management of Legal Prescriptions
Allows production of the regulatory framework, systematization of the prescriptions contained in the provisions, and assessment of legislative compliance by identifying methods of verification and control and those responsible. It generates the regulatory schedule and sends prescription notifications to the managers. The rules and laws and the provisions relating to the risk element are displayed in the risk and environmental aspects forms.
Norms and Laws update service
KEISDATA supplies a fortnightly update of the rules and laws, classified by Scope, Thematic, Sub-topic, Topic and Element of risk, with upload of the relevant legislative document. It generates the regulatory schedule with notifications to managers.
Authorization management flow
Allows management of authorizations from identification to the assignment of responsibilities. It creates the authorization framework, manages the related activities and creates the authorization register. It generates the schedule with advance-notice notifications and records successful completion with upload of the documentation.