
Organisation (Supplier Risk Management)

1.1       Organisation Setup

The organisation name is entered or amended here, along with a shortened version.

1.1.1       Divisions

The organisational structure is created here. The organisation can be as wide and deep as is required.

1.1.2       Documents

Internal documents such as audit reports or policy documents can be referenced within Abriska with links to storage locations outside of Abriska. Supplier evidence is uploaded and stored with the questionnaires.

1.1.3       Contacts

Internal contacts are created here and assigned to relevant teams and divisions.

1.1.4       Organisation Setup

1.1.4.1       Classifications

No idea / Not used in Abriska 27036. Relates to classification of information.

1.1.4.2       Cost Types

Values set here are used when actions are set in risk treatment.

1.1.5       System Information

1.1.5.1       Access List

View access to Abriska and amend access rights.

1.1.5.2       Audit Register

View access and usage of Abriska between set dates.

1.1.6       System Setup

1.1.6.1       Password Complexity

Provides the ability to set password length, complexity and other aspects of good password management.

1.1.6.2       Notification Setup

Allows the setting of time-based reminders and flags that will appear in the dashboard. These notifications can relate to the need to revise documents, unresolved actions and overdue questionnaires.

1.1.6.3       Login Settings

Provides the ability to display a login message to users and to set the timeout period for sessions (the default is 5 minutes of inactivity).

1.1.6.4       Library References

Provides the ability to introduce any common glossary into Abriska to ensure consistency of data entry and facilitate comparison across the organisation. The information appears as on-screen guidance for users.

1.1.6.5       Custom Data Fields

For each supplier or resource, additional information can be held within Abriska. New fields can be created here and will automatically appear against all resources.

1.1.6.6       System Appearance

Allows customisation of the colour scheme across the Abriska module.

1.1.6.7       System Variables

Allows customisation of the number of rows that are displayed in a table, such as in the dashboard.

1.2       Resources

The first screen will show all resources set up for the organisation.

1.2.1       Create New Resource

Provides the ability to create new resources. These could be just suppliers, or other resources could be added, such as process, equipment, information (digital/physical), people, premises and technology. These additional resources can be useful for creating dependency mapping between suppliers and other resources. Resources are assigned to owners and divisions. A supplier can only be associated with a single division; however, organisational administrators can be assigned access to suppliers outside of their division where a supplier is delivering a service or commodity into that division and visibility of the risk assessment is required.

1.2.2       Resources By Division

Provides the ability to view resources by organisational unit.

1.2.3       Resource Attributes

1.2.3.1       Review Division Resources

Organisational administrators can initiate reviews of the CIA attributes by owners, who receive a notification to do so. This may be required following a re-organisation, for example.

1.2.3.2       Resource Attribute Status

Provides a quick overview of those resources where the CIA attributes have been completed. The legend provides insight into whether the CIA attributes have been inherited and, through selection of the resource type, the source of the inherited values is provided.

A supplier is a type of resource in ISO 27001 terms. All resource types can be added to Abriska if required. Resource attributes refer to Confidentiality, Integrity and Availability (CIA). Unless otherwise specified, it is the highest rating that is applied to the supplier, e.g. if Availability is critical but Confidentiality is not, then the supplier will be treated as critical based on availability attributes. There is an advantage in adding other resource types to Abriska, as resource dependency maps can be generated, so that it is clear which higher-level systems or processes the supplier is supporting. In such cases, the supplier can inherit the criticality rating of the supported resource.