Steve Crutchley, CEOThe risk management product is an offshoot from our mapping solution and has gradually grown into something useful with a significant number of threat libraries,” begins Steve Crutchley, CEO, C2C Smart Compliance —provider of risk management solutions with expertise in information security and regulatory compliance standards and best practices. Our company was conceived as a compliance mapping organization but we decided to move regulations to best practices providing regulatory library support to large highly regulated industries. Along their journey, C2C realized the importance of content across regulatory world and began concentrating on different areas of mapping—one of them making sure ‘risk’ was included. The company chose to focus on risks associated to assets instead of assessing operational risks. Paraphrasing Crutchley, “It’s crucial to understand the assets before stepping into operations.” He goes on to say, “We developed risk management capability around areas like asset, service, and quality risk with business impact analysis bringing in a business continuity perspective,” says Crutchley.
The company’s MyRiskAssessor (myRA) powered by its compliance mapper, provides visibility across assets and conducts risk assessments and associated management needs. Once the assets are identified, myRA offers threat libraries that represent threats, vulnerabilities, and the applicable controls to mitigate the issues. “We have created around 250 threat libraries covering topics like mobile; business continuity; cybersecurity to name but a few,” asserts Crutchley. This allows clients to assess the impact and probability of threats and vulnerabilities, and use the controls offered in the libraries to mitigate risks. “We are continually updating the libraries with the latest trends.” myRA then allows users to carry out reporting representing the residual risks and the mitigation processes used. myRA also aligns with clients’ existing organizational risk management programs for additional efficiency and agility.
In addition, the user can run business impact and gap analysis through the assessments made in myRA. The platform includes risk templates for treatments that can be incorporated according to requirements of the organization.
Our idea is to simplify the risk management process with a customer centric approach
The risk tracker enables clients to manage and track their risks. “Users can look into risk treatment plans, workflows involved, and the expected dates of completion through tools,” he adds.
Crutchley lauds the simplicity of the product. In his words, “Our idea is to simplify the risk management process with a customer centric approach.” Users can also install the product within two hours and can immediately start their risk assessment process. “We have a very easy way of bringing risk assessment content that can be implemented within two hours rather than days or months.” The company has assisted a number of clients from the legal, banking, healthcare, and telecom domain with their asset related risk matters. For instance, one of C2C’s healthcare clients tried to align their business to i-Trust for which they required certification. In order to be certified, they had to analyze their gaps and risks, so they implemented C2C’s Compliance Mapper that helped them build an assessment framework with more than 125 assessments that had to be undertaken by departments. Once they were completed, C2C presented the final reports and findings to the management. By measuring the gaps and bringing remediations, C2C’s solution helped the client to successfully align their business to i-Trust.
For many years, C2C Smart Compliance has provided compliance and risk management services to organizations all over the world. The company will continue to bring in new capabilities in its mapping techniques. “We look forward to working collaboratively with client’s in the future and transform and change the approach to compliance across their entire enterprise,” says Crutchley.