ISSAC Online is the ultimate Information Security: Strategy, Audit & Compliance software solution. ISSAC Online provides organizations with a comprehensive, fully customizable solution to streamline compliance within Enterprise Risk Management programs.
Multifactor authentication standardized for access. Assign user permissions to modules based on job responsibility. Review access logs for audit requirements.
Risk assessment programs and questionnaires align with regulatory requirements and industry best practices.
Data is automated across all modules in ISSAC ONLINE, supporting user efficiencies. Import/export data functions simplify data management processes.
Customize risk assessment questions to support internal compliance programs or use built-in questionnaires to reinforce compliance initiatives.
Comprehensive reporting features including extensive data filters to generate reports for Management, Board of Directors, and Examiners.
Actively track and monitor assessment and contract review dates with email notification alerts and calendar reminder settings.
System implementation is managed by BTG Consultants and includes live webinar training for administrators and users.
Access to full-time system and training support. BTG Consultants tailor guidance and coaching to meet the organization’s individual needs.
ISSAC Vendor Management
With the increasing risk associated with outsourced services and solutions, organizations must ensure that they are equipped with the tools and resources necessary to assess and manage vendor relationships. The ISSAC Online Vendor Management module is a comprehensive and customizable solution that is tailored to fit your Vendor Management Program and provides various risk assessments to establish oversight of your vendors, offers multiple reports to communicate information to your Board and auditors, and contains an all-inclusive Contract Management system to monitor vendor agreements all in one place.
Risk assess and manage vendor and third party relationships
Customize and perform Product Risk Assessments, Financial Analysis Reviews, and GLBA Risk Assessments
Manage contracts and avoid missing renewal or termination dates
Directly send due diligence requests to vendors to collect and review documentation including SSAE or SOC reports, financial statements, insurance certificates, etc.
Retain all due diligence documents and contracts in a secured centralized solution
ISSAC Business Continuity & Disaster Recovery
As threats and disasters continue to evolve and persist, organizations must plan and prepare for continuing operations in order to avoid negative business impacts. The ISSAC Online Business Continuity & Disaster Recovery module is the only compliance tool that provides organizations with a solution to manage all phases within their Business Continuity & Disaster Recovery Planning Program in one centralized and accessible location, including Threat Risk Assessments, Business Impact Analysis (BIA), Asset Inventory, Recovery Plan Development, and Testing and Maintenance Documentation.
Document and maintain disaster recovery plans and procedures
Assign recovery time objectives (RTOs) and recovery point objectives (RPOs) for all critical assets
Identify resumption plans and retain critical resources such as business process procedures, recovery task lists, employee call trees, etc.
Document testing results and provide reports to Management, the Board, and auditors
Allow for the involvement of all key personnel and operational areas in a user friendly solution
ISSAC Risk & Compliance
Mitigating risk and managing compliance across the entire organization can be a difficult and cumbersome process, especially without the right tools. The ISSAC Online Risk & Compliance module provides organizations with a solution to maintain its enterprise risk management compliance programs in a completely scalable and customizable system to meet the individual needs and requirements of each organization. Within this module, there are dedicated sections to manage the following risk and compliance areas, including Information Technology Risk Management, Internal and External Audit & Risk Assessments, Information Systems Access Control Management, and an Organizational Policy Library.
Identify and manage technology risks for hardware, software, website applications, etc.
Customize and perform internal compliance risk assessments
Track external audits and remediation efforts
Retain policies, and monitor and document Management and Board approval dates
Document and audit internal and external access controls to information systems
Provide Management, Board, and auditors with clear and concise reports