99% reduction in time and cost to perform control gap assessment
Business-aligned cybersecurity roadmap and spend allocation
Quantitative control gap identification by business unit by business process
Systematic identification of control gaps across the entire dataflow knowledge base
On-demand compliance gap assessment after every business process or control requirement change
On-demand compliance readiness assessments per new regulatory requirements or organizational policy change
Enable control gap prioritization by data sensitivity and business criticality
IOR control policies define appropriate use for each data classification level. Once policies is published, IOR instantly assesses the dataflow knowledge base for any control gaps. IOR supports imports from other security solutions (e.g., vulnerability scan results, AV log import) to prioritize remediation activities by data sensitivity and/or business criticality. IOR reports on identified control gaps by business unit and business process, enabling prioritization of remediation initiatives by business area.
Flexible configuration of automation activity
The task manager is a custom code execution capability that enables scheduled execution of built from scratch tasks, permitting the flexibility needed to configure IOR to align to your existing processes and meet the specific needs of each organization.
Source and/or inform external applications
Connector integration are the configurable links which IOR establishes with other solutions and information sources (e.g., DLP, Asset Inventory, AD) to enable sustainable information aggregation, data inventory update, and dataflow mapping automation.
Business friendly questionnaires
The business surveyor is a rapidly deployable data usage questionnaire, that facilitates dataflow gathering en masse across the multiple SMEs that execute individual steps in the end-to-end business process.
Multidimensional analysis of knowledge base
The analyzer is a flexible search engine to filter and visualize your dataflow knowledge base, enabling IOR to visualize and report on usage of specific data types by business process, specific vendors, departments, systems, or any combination of these.
Structured business process modeling
The process modeler is a data entry table organized specifically for tracking sensitive dataflow. As dataflow is registered and sequenced, it automatically generates a diagram, with multiple auto-layout options as preferred by the user.
Data handling control requirements and analysis
The policy manager is a controls table outlining the different ways that users, vendors, and systems interact with data, and what is and is not permitted for each classification tier. By defining what is and is not permitted for each classification level, the policy manager is able to identify control gaps for all registered dataflow.