IT Risk Management

A recommended approach to identifying, prioritizing, and managing IT asset risks, using the IT Risk Management (previously ITRMBond) solution in Diligent One.

This solution requires a subscription to IT Risk Management (previously ITRMBond).

IT risk management overview

IT risk management (ITRM) is the process of mitigating risks associated with IT assets, including hardware, software, business processes, and cloud assets. Each of these assets comes with risks that can have far-reaching consequences for your organization, including security vulnerabilities and service interruptions. Managing IT assets also involves complying with complex laws, regulations, and standards.

Challenges and opportunities

A robust ITRM program is essential to keeping an organization's IT assets secure and functional, avoiding security breaches and service interruptions by responding to a rapidly evolving threat landscape. Information gathering, mitigating risks, and reporting to different stakeholders are all crucial and complicated steps of the process. With a large number of assets, it can be costly and time-consuming to ensure that each one is prioritized and handled effectively.

IT Risk Management (previously ITRMBond) simplifies these complicated risk management processes by allowing you to prioritize IT assets by criticality. Then, after deciding how you want to address your IT risks and creating plans of action, you can continuously monitor your assets to ensure compliance. Additionally, you can create IT policy exceptions to ensure that your IT risk management solution is flexible enough for your organization's unique needs.

People involved in IT risk management

People involved in managing IT risk can include:

  • Risk analysts
  • IT risk analysts, directors, and managers
  • IT compliance analysts, directors, and managers
  • Security analysts
  • Risk management leaders
  • Business and technical asset owners

How it works

The IT Risk Management (previously ITRMBond) workflow spans multiple apps:

  1. Create and consolidate IT assets. In the Asset Manager, you can manage your assets in a centralized app, creating a single source of truth for asset intelligence for your organization.
  2. Categorize IT assets. You have two options to categorize assets based on criticality in the Asset Manager:
    • You can send a questionnaire about an IT asset to a technical or business owner. Then, a Workflow robot will use their responses to automatically calculate the asset's criticality level.
    • You, or the asset's technical or business owner, can enter the criticality level directly into the asset.
  3. Identify IT risks and create relationships. In the Risk Manager, you can create risks and controls and associate them with the assets.
  4. Assess IT risks and controls. Based on the relationships you create in the Risk Manager, you can assess the risks and controls, raise issues, and remediate risks.
  5. Monitor controls. You can monitor controls in the Risk Manager at a regular interval to see if each control is working properly.
  6. Report on IT risks / compliance. You can use Workflow robots to import data about assets, risks, and controls into Results, so you can see your IT risk data in one place, report on IT risks / compliance, and identify remaining action items.

IT risk management solution guides