Risk Management
More information means more reliable estimates and a better response to events.
Core Capabilities
BCMLogic ONE provides comprehensive risk management tools:
- Asset, personnel, and process inventory
- Risk cause documentation
- Strategy selection
- Treatment plan assignment
- Reporting and monitoring
The system goes further by integrating incident records, BIA results, and BCP plans into the assessment. Probability levels can be derived from the number of incidents recorded against a given process or asset, so the estimate rests on observed events rather than on the analyst's judgement alone.
Scope of Applications
- ERM Risk Management – manages risks related to business processes and services, typically handled at department or division level.
- BCM Risk Management – analyzes business continuity risks in four categories: people, IT infrastructure, locations, and suppliers. Examines both the process and the asset level.
- Compliance Risk Management – offers a risk library maintained within the application or imported from external sources.
- Exception Management – when a project or situation requires a deviation from a security rule, an exception form is used. It identifies the rule being deviated from, captures opinions from the relevant departments (legal, security, IT, etc.), and sets the risk level of the deviation. Every approved exception carries a validity period rather than remaining open indefinitely.
- Operational Events Register – records actual events together with their estimated financial and non-financial losses across multiple categories.
- Vulnerability Categorization and Monitoring – prioritizes vulnerabilities by the process-asset relationships they affect and the criticality of those processes, and includes mechanisms for assigning remediation tasks and monitoring their execution.
Module Functions and Components
Each risk record captures:
- Existing safeguards that reduce the risk level
- Risk level – determined either from an analyst-completed matrix (probability against several impact types) or from numerical values assigned to vulnerabilities
- Treatment strategy
- Treatment plans, if the adopted strategy requires them
- Affected business processes
- Assets (IT systems, infrastructure, suppliers)
The risk database is workflow-driven. Permissions are assigned dynamically from the attributes of each record: risk category, the organizational unit it is assigned to, the asset, the process, and other fields in the extensive database. This gives fine-grained access control: two users opening the same list may see completely different sets of risks depending on their roles.
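The attribute-based filtering described above, as an added illustration rather than BCMLogic's own code: a deny-by-default predicate decides, per record, whether a user may see it, and the same register yields a different list for each user. The record fields, role names, and the four policy rules are assumptions chosen for the example; the register contents are constructed sample data.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Risk:
    risk_id: str
    category: str            # "ERM", "BCM", "Compliance" (assumed values)
    org_unit: str            # owning organizational unit
    asset: Optional[str]     # affected asset, if any
    process: Optional[str]   # affected business process, if any
    level: int               # 1 (low) .. 5 (critical)


@dataclass(frozen=True)
class User:
    name: str
    roles: FrozenSet[str]
    org_units: FrozenSet[str] = frozenset()   # units the user belongs to
    assets: FrozenSet[str] = frozenset()      # assets the user administers


def can_view(user: User, risk: Risk) -> bool:
    """Deny by default; each rule grants one narrow slice of the register.

    The rules are hypothetical policy, not BCMLogic's actual permission model.
    """
    if "board" in user.roles and risk.level >= 4:
        return True          # board members see only high/critical risks
    if "unit_manager" in user.roles and risk.org_unit in user.org_units:
        return True          # managers see every risk owned by their unit
    if "asset_admin" in user.roles and risk.asset is not None and risk.asset in user.assets:
        return True          # asset administrators see risks on their assets
    if "compliance_officer" in user.roles and risk.category == "Compliance":
        return True          # compliance sees that category across all units
    return False


def visible_risks(user: User, register: List[Risk]) -> List[str]:
    """Filter a register for one user; returns the visible risk IDs in order."""
    return [r.risk_id for r in register if can_view(user, r)]


# Constructed sample register (not real data).
REGISTER = [
    Risk("R-001", "BCM", "IT", "SRV-DB01", "Payments", 5),
    Risk("R-002", "ERM", "Finance", None, "Invoicing", 3),
    Risk("R-003", "Compliance", "HR", None, "Payroll", 2),
    Risk("R-004", "BCM", "Facilities", "DC-FIRE", None, 4),
]

# Constructed sample users with different role attributes.
USERS = {
    "board_member": User("board_member", frozenset({"board"})),
    "it_admin": User("it_admin", frozenset({"asset_admin"}),
                     assets=frozenset({"SRV-DB01"})),
    "finance_manager": User("finance_manager", frozenset({"unit_manager"}),
                            org_units=frozenset({"Finance"})),
    "compliance_officer": User("compliance_officer", frozenset({"compliance_officer"})),
}


def views() -> dict:
    """The same list evaluated for each user gives four different results."""
    return {name: visible_risks(u, REGISTER) for name, u in USERS.items()}


if __name__ == "__main__":
    for name, ids in views().items():
        print(f"{name:20s} {ids}")
```

The point a reviewer would check is that the predicate runs on the server for every read path, not only the list screen: the Excel export and the role-specific dashboards mentioned later must call the same `can_view`, otherwise a user can retrieve through an export what the list view hides. Keeping the rules in one function also makes it straightforward to log each allow/deny decision for audit.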
Analytical tools include:
- KRI library connecting indicators with data collected by the platform (incidents, failures, etc.) and with other systems
- KRI values can also be calculated from information entered by users
- Analytical reports, data visualization, and MS Excel export
- Role/group-specific risk dashboards (Board, Supervisory Board, area directors)
Safeguards and Treatment Plans Database
Safeguards are divided into existing and planned/implemented.
- Existing safeguards catalog general measures (e.g., workstation antivirus) or asset-specific measures (e.g., a fire suppression system in the server room, or an employee retention program that reduces the risk of key-personnel turnover).
- Planned/implemented safeguards are treatment plans, activated when a risk reaches an unacceptable level (e.g., purchasing a faster backup system when the current one cannot meet the BIA-defined recovery time). Once a treatment plan is completed, it becomes an existing safeguard.
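The assessment loop implied by the module description (probability set from the incident count, risk level from a probability-by-impact matrix over several impact types, existing safeguards lowering the residual level, and a treatment plan that becomes a safeguard once completed) as an added worked example, not BCMLogic code. The 12-month window, the incident-count buckets, the 5x5 product matrix, the rating bands, the acceptance threshold of 8, and the sample record are all assumptions; a real deployment would take these from the organization's risk methodology.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Assumed mapping: incidents in the last 12 months -> probability level 1..5.
# Each entry is (lower bound of the bucket, level); the list is ascending.
PROBABILITY_BUCKETS = [(0, 1), (1, 2), (3, 3), (6, 4), (12, 5)]

# Assumed rating bands on the product score (1..25) and acceptance criterion.
RATING_BANDS = [(15, "critical"), (9, "high"), (4, "medium"), (1, "low")]
ACCEPTABLE_SCORE = 8


@dataclass(frozen=True)
class Safeguard:
    name: str
    reduces: str   # "probability" or "impact"
    by: int        # levels removed on the 1..5 scale (assumed model)


@dataclass
class TreatmentPlan:
    name: str
    reduces: str
    by: int
    completed: bool = False


@dataclass
class RiskRecord:
    risk_id: str
    incidents_12m: int
    impacts: Dict[str, int]                                   # impact type -> level 1..5
    existing_safeguards: List[Safeguard] = field(default_factory=list)
    treatment_plans: List[TreatmentPlan] = field(default_factory=list)


def probability_from_incidents(count: int) -> int:
    """Probability level from observed incidents; the highest bucket reached wins."""
    if count < 0:
        raise ValueError("incident count cannot be negative")
    level = 1
    for lower_bound, bucket_level in PROBABILITY_BUCKETS:
        if count >= lower_bound:
            level = bucket_level
    return level


def inherent_impact(impacts: Dict[str, int]) -> int:
    """Worst case across impact types (financial, reputational, regulatory, ...)."""
    if not impacts:
        raise ValueError("at least one impact type is required")
    if any(not 1 <= v <= 5 for v in impacts.values()):
        raise ValueError("impact levels must be 1..5")
    return max(impacts.values())


def _reduction(safeguards: List[Safeguard], dimension: str) -> int:
    return sum(s.by for s in safeguards if s.reduces == dimension)


def assess(rec: RiskRecord) -> dict:
    """Inherent and residual levels, matrix score, rating, and treatment decision."""
    p = probability_from_incidents(rec.incidents_12m)
    i = inherent_impact(rec.impacts)
    # Existing safeguards lower the residual levels, but never below 1.
    rp = max(1, p - _reduction(rec.existing_safeguards, "probability"))
    ri = max(1, i - _reduction(rec.existing_safeguards, "impact"))
    score = rp * ri
    rating = next(name for floor, name in RATING_BANDS if score >= floor)
    return {
        "inherent": (p, i),
        "residual": (rp, ri),
        "score": score,
        "rating": rating,
        "treatment_required": score > ACCEPTABLE_SCORE,
    }


def complete_plan(rec: RiskRecord, plan_name: str) -> Safeguard:
    """A completed treatment plan is promoted to an existing safeguard."""
    plan = next(t for t in rec.treatment_plans if t.name == plan_name)
    plan.completed = True
    safeguard = Safeguard(plan.name, plan.reduces, plan.by)
    rec.existing_safeguards.append(safeguard)
    return safeguard


def worked_example() -> dict:
    """Constructed record: a database server with 7 incidents in the window."""
    rec = RiskRecord(
        risk_id="R-042",
        incidents_12m=7,
        impacts={"financial": 4, "reputational": 3, "regulatory": 5},
        existing_safeguards=[Safeguard("nightly backups", "impact", 1)],
        treatment_plans=[TreatmentPlan("faster backup system (meets BIA RTO)", "impact", 2)],
    )
    before = assess(rec)                                   # score 16, critical
    complete_plan(rec, "faster backup system (meets BIA RTO)")
    after = assess(rec)                                    # score 8, medium
    return {"before": before, "after": after}


if __name__ == "__main__":
    for stage, result in worked_example().items():
        print(stage, result)
```

Two caveats a practitioner would add: an incident-derived probability is only as good as the events register feeding it (a low count can mean effective controls, or it can mean under-reporting), and the "never below 1" clamp means stacking safeguards on one dimension eventually stops moving the score, which is the intended signal that the remaining risk has to be accepted or transferred rather than mitigated further.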
Integrated Risk Management Across the Organization
BCMLogic analyzes risk at multiple levels: from IT systems and locations, through various management systems (BCM, Compliance, Information Security, etc.), to operational risks at unit, company-wide, or international corporation levels.
The system keeps individual levels and categories isolated from one another while allowing consistent escalation upward. If the administrator of a critical location identifies a serious risk to business processes, that risk can be escalated to the next level. Depending on the risk type and level, users are presented with the application forms and screens appropriate to it.