BCMLogic has been helping financial institutions, public administration and large companies from various industries in risk and security management for 12 years. We are currently focusing on the DORA regulation area. We cooperate with such institutions as PKO BP, Pekao SA, BNP, Credit Agricole, Ministry of Finance, NBP, T-Mobile, Allegro, providing the BCMLogic One platform, which supports, among others, the implementation of DORA compliance management in 6 key areas:
ICT Risk Management
ICT Vendor Management
Incident management
Business Continuity Management
Digital Operational Resilience Testing
Modeling and managing dependencies at the business-IT interface
As a complementary element, we use our own GRC AI model ( www.bcmlogic.com/ai ). This is an AI solution dedicated to GRC (Governance Risk Compliance), which combines the ease of interaction provided by chatGPT-type tools with current specialist knowledge and a dedicated model (knowledge base) on the functioning of security in business. With this specialist knowledge, the model then learns how your organization works (based on documentation, regulations, policies, data in systems, risk and incident register) and supports the above-mentioned 6 management areas. Our AI model also works in an on-premise model where at no time is data transferred outside.
ICT Risk Management
The BCMLogic platform allows for the identification, assessment and management of risk at various levels of the organization and within various risk categories, in particular operational, strategic and specialized risks (business continuity, information security). Risk assessment methods for areas such as cloud computing (in accordance with the PFSA announcement) and ESG risks are also supported. The application guides users through the full cycle - from risk identification, through assessment of their impact and probability, introduction and monitoring of risk mitigation plans and subsequent audit of the applied solutions. An integral part is the management reporting module and monitoring of KRI indicators. As part of DORA, we use the risk management methodology compliant with the ISO31000 standard and use AI as support in identifying the causes and effects of risk and assessing compliance with industry standards and reference models.
ICT Vendor Management
The register of suppliers and contracts, in combination with the Risk and Audit modules, enables regular risk assessment and monitoring of contractual arrangements with external ICT service providers. We use AI to monitor suppliers based on financial data and data collected from business registers, which are assessed by the model and verified in accordance with the criteria required by the Organizations. Our model also performs an initial assessment of the security documentation provided by the supplier and the results of the self-assessment (platform surveys).
Incident management
The Incident Management module offers everything an advanced organization needs to meet DORA requirements in this area. Particular attention should be paid to the requirement of "Centralization of reporting of serious incidents related to ICT". The organization can use several sources of information about incidents, especially where a given section is at the interface with another management area (BCM incidents, Information security incidents, operational events, etc.). BCMLogic allows for simple integration of these sources and further incident management in one place. We use AI for incident classification (triage).
Business Continuity Management
The platform supports the full BCM management cycle - from BIA analysis, through the creation and management of emergency procedures, tests and handling incidents affecting business continuity. In the context of DORA, the required element is to conduct BIA (Business Impact Analysis), MAK (Minimum Acceptable Configuration) analysis and document how the organization ensures business continuity and resilience within the requirements and time limits defined by the business. The entire process is supported by the BCMLogic One platform.
Digital Operational Resilience Testing
Operational resilience testing means regularly performing and supervising various types of tests: from staff simulations, through security system tests, recovery and restoration of applications critical to business processes, to penetration tests and social engineering. BCMLogic supports the full life cycle of such tests - from preparing assumptions, through implementation and supervision of conclusions and required changes and improvements. An element of testing is a repository of operational procedures and contingency plans.
Modeling and managing dependencies at the business-IT interface
One of the key elements of DORA is the management of relationships at the interface of business functions and processes, IT services, suppliers and infrastructure. The BCMLogic application allows for modeling these relationships and for feeding data on individual layers from various data sources in the organization (for example: AD - organizational structure, CDMB - IT infrastructure, BPM - processes, etc.). Such a model, meeting DORA requirements, allows for quick and easy determination of how infrastructure elements, ICT suppliers or IT services affect key functions performed by the business and how their availability, confidentiality and security affect the level of risk and resilience of the organization.
Comentarios