C2C Smart Compliance: Business Continuity through Risk Management Solutions

The risk management product is an offshoot from our mapping solution and has gradually grown into something useful with a significant number of threat libraries,” begins Steve Crutchley, CEO, C2C Smart Compliance —provider of risk management solutions with expertise in information security and regulatory compliance standards and best practices. Our company was conceived as a compliance mapping organization but we decided to move regulations to best practices providing regulatory library support to large highly regulated industries. Along their journey, C2C realized the importance of content across regulatory world and began concentrating on different areas of mapping—one of them making sure ‘risk’ was included. The company chose to focus on risks associated to assets instead of assessing operational risks. Paraphrasing Crutchley, “It’s crucial to understand the assets before stepping into operations.” He goes on to say, “We developed risk management capability around areas like asset, service, and quality risk with business impact analysis bringing in a business continuity perspective,” says Crutchley.

The company’s MyRiskAssessor (myRA) powered by its compliance mapper, provides visibility across assets and conducts risk assessments and associated management needs. Once the assets are identified, myRA offers threat libraries that represent threats, vulnerabilities, and the applicable controls to mitigate the issues. “We have created around 250 threat libraries covering topics like mobile; business continuity; cybersecurity to name but a few,” asserts Crutchley. This allows clients to assess the impact and probability of threats and vulnerabilities, and use the controls offered in the libraries to mitigate risks. “We are continually updating the libraries with the latest trends.” myRA then allows users to carry out reporting representing the residual risks and the mitigation processes used. myRA also aligns with clients’ existing organizational risk management programs for additional efficiency and agility.

In addition, the user can run business impact and gap analysis through the assessments made in myRA. The platform includes risk templates for treatments that can be incorporated according to requirements of the organization.