Organisation Setup

Organisation name is entered or amended here show along with a shortened version

Divisions

The organisational structure is created here. The organisation can be as wide and deep as is required

Documents

Internal documents such as audit reports or policy documents can be referenced within Abriska with links to storage locations outside of Abriska. Supplier evidence is uploaded and stored with the questionnaires.

Contacts

Internal contacts are created here and assigned to relevant teams and divisions

Organisation Setup

Classifications

Not used in Abriska 27036. Relates to classification of information

Cost Types

Values set here are used when actions are set in risk treatment.

System Information

Access List

View access to Abriska and amend access rights

Audit Register

View access and usage of Abriska between set dates

System Setup

Password Complexity

Provides the ability to set password length, complexity and other aspects of good password management

Notification Setup

Allows the setting of time-based reminders and flags that will appear in the dashboard. These notifications can relate to the need to revise documents, unresolved actions and overdue questionnaires

Login Settings

Provides the ability to provide a login message to users and also set the timeout period for sessions (default is set at 5 minutes of inactivity)

Library References

Provides the ability to introduce any common glossary into Abriska to ensure consistency of data entry and facilitate comparison across the organisation. The information appears as on-screen guidance for users.

Custom Data Fields

For each supplier or resource, additional information can be held within Abriska. New fields can be created here and will automatically appear against all resources.

System Appearance

Allows customisation of the colour scheme across the Abriska module

System Variables

Allows customisation of the number of rows that are displayed in a table such as in the dashboard

Resources

The first screen will show all resources set up for the organisation.

Create New Resource

Provides the ability to create new resources. This could be just suppliers or other resources could be added such as process, equipment, information (digital/physical), people, premises and technology. These additional resources can be useful in terms of creating dependency mapping between suppliers and other resources. Resources are assigned to owners and divisions. A supplier can only be associated with a single division, however, organisational administrators can be assigned access to suppliers outside of their division where a supplier is delivery service or commodity into that division and visibility of the risk assessment is required.

Resources By Division

Provides the ability to view resources by organisational unit

Resource Attributes

Review Division Resources

Organisational administrators can initiate reviews of the CIA attributes by owners, who receive a notification to do so. This may be required following a re-organisation, for example.

Resource Attribute Status

Provides a quick overview of those resources where the CIA attributes have been completed. The legend provides insight into whether the CIA attributes have been inherited and through selection of the resource type, the source of the inherited values is provided A supplier is a type of resource in ISO 27001 terms. All resource types can be added to Abriska if required. Resources attributes refer to Confidentiality, Integrity and Availability (CIA). Unless otherwise specified it the highest rating that is applied to the supplier, e.g. if Availability is critical but Confidentiality is not, then the supplier will be treated as critical based on availability attributes. There is an advantage of adding other resource types to Abriska as resource dependency maps can be generated, so that it is clear the higher level systems or processes that the supplier is supporting. In such cases, the supplier can inherit the criticality rating of the supported resource.

Return to Supplier Risk Management