SECURITY RISK MANAGEMENT SOFTWARE

Co-designed by the author of the industry-acclaimed Security Risk Management Body of Knowledge (SRMBoK), SECTARA is the go-to tool for producing professional assessments and creating treatment plans. Field-level encryption also means that nobody, including our developers, admins or anyone else, can see your sensitive data.

TRY OUR FREE PLAN

Start Assessing Quickly and Easily

SECTARA enables those responsible for security risk assessments to create and complete them quickly, simply and with methodological rigour. We incorporated data libraries to assure productivity gains and made sure that it was suitable for any scope and industry to ensure the broadest utility for subscribers. The use cases below highlight several ways you might use it.

Reclaim precious time through major productivity gains

Demonstrate advanced practices through methodologies

Let SECTARA scale with your growing business

Government accredited host & field-level encryption

Sample SECTARA Use Cases

The Problem

You engage a consultant to deliver a security risk assessment. While you brief them on what you want out of it, you have no idea what the end product will look like – everyone seemingly has a different approach.

Alternatively, you had a security risk assessment performed previously and don’t wish to repeat the process, but you do seek the previously identified risks and treatments to be reviewed for currency.

You may even need to just demonstrate the progressive nature of the security function to management in support of an initiative/business case.

The Solution

  • Create an Assessor user and compel the consultant(s) to adhere to SECTARA’s best-practice processes. In doing so you automatically prevent them from modifying your methodology and criteria. You can even supply them with a sample assessment (which is supplied within the system) to show them the level of quality that you expect.
  • SECTARA enables you to create living assessments that can be updated at any time.
  • Schedule a periodic review and require consultants to do it within SECTARA.
  • Demonstrate the logical manner in which security is managed, then showcase your results during briefings through SECTARA’s stunning dashboards.

The Benefits

Finally there’s a way to address the issue of consultants doing work on their own laptops and assure that assessments are not retained and shared upon completion.
A deliverable with a familiar methodology and thus an increased ability to challenge assumptions and conclusions.
Confidentiality – assessors cannot export assessments from SECTARA.
‘Living’ assessments that are always up to date.

The Problem

You, or your network of consultants, deliver security risk assessments in MS Word/Excel for your clients. Constantly fixing formatting issues is time-wasting and each assessment drifts further from the original template, meaning a client may be happy with one but not necessarily the next.

Some assessments take way too long, it is often difficult to remember where you have stored great content from other assessments, and if you are waiting for another consultant to complete one there’s little ability to collaborate in real-time.

Further, when you do deliver a report to a happy client, they say thanks and you may never hear from them again!

The Solution

  • Assure methodological rigour on every assessment, with SECTARA’s repeatable processes.
  • Use data libraries to store your best assessment content and speed the process on every assessment thereafter.
  • Use impressive, interactive charts and other visuals to debrief clients.

The Benefits

Reinforce the value of partnership with your clients – you can now offer a retained service around assisting with treatment planning and reviewing/maintaining assessments so that they’re always up to date. You can simply create an organisation for your clients, and then invite them to your account as an Organisational Admin, Business Unit Admin, Assessor and/or Viewer user.
Amortize the entire cost of your SECTARA subscription over a single assignment – if you propose the use of SECTARA in a proposal then your annual fee is already paid!
When you’re inside the tent, you’ll always be on the client’s mind when new opportunities arise. And with SECTARA, they’ll always remember your great work!

The Problem

Your suppliers are contractually bound to assess their risk (or worst case they aren’t at all), but they use different criteria to you. What you consider high risk may be low risk to them. Thus they may not have to report it to you (or manage it as you would wish) under contract.

Or perhaps you simply need the specialist input of your suppliers to understand your supply chain security risk profile. There may also be issues because your suppliers deliver events or services for only part of the year.

The Solution

  • Set your organisational criteria that your suppliers will then be required to apply to their assessment(s).
  • Create an assessment and define the areas that you wish suppliers to address (at minimum).
  • Review the results in real time and query assumptions, risk controls and ratings.
  • Have your suppliers quickly update a previous assessment during event/short-duration assignment preparation stages.

The Benefits

Standardised and structured third-party security risk assessments that quickly identify and enable you to prioritise risk.
Getting suppliers to complete their own security risk assessments, and allowing you to review them in real time, enables you to focus your resources on other assurance tasks.
A risk-based approach helps you reduce risks while monitoring compliance.
Be much better informed about what your suppliers regard as their key risks.
Improve contract obligations by requiring specific risks to be addressed.
Compare the supply chain results with your own strategic risk profile.
This way you will always have the latest view of their risk profile.

The Problem

Current competency-based training can sometimes be overly complex when it comes to curriculum approaches to assessing assets, threats, control effectiveness and risks.

The Solution

Consider accompanying your training with SECTARA, which you can use to step students through the processes quickly and logically.

The Benefits

The process is so logical that your students will grasp it immediately.
Higher levels of competency and better practitioners.
If you also consult, and after declaring an interest, you have the ability to sign attendees to your account as clients for ongoing work, in the same way that the Security Consultants use case above recommends.

The Problem

You supply security manpower to clients. You’ve traditionally spoken in terms of solutions (patrols, numbers, routines etc.), but clients are wanting to hear about the risks that you are addressing, and thus how you justify the proposed treatments (i.e. your services).

Or perhaps you need a security risk assessment completed on a site you provide services to, but you’d normally refer the client to someone else to do this.

The Solution

  • Create an organisation within SECTARA for your lead/client. Document the risk profile of their organisation (from tender documentation if it has been issued), including the assets, threats and existing controls, and then the risks as you see them.
  • Propose your services as recommended treatments to the risks, and present SECTARA’s extremely logical process and stunning visual dashboards during your pitch. It will make a major differentiation from what your competitors present.
  • For assessment requests by clients, carry out your own assessment quickly, and with the benefit of past details that you created for the site. If you have to bring in external expertise, create a new “Assessor” user on SECTARA and get a consultant to deliver in a familiar format, without them being able to download/keep the assessment afterwards.
  • Once completed, a debriefing can be conducted over the phone or WEBEX – you can even create a Viewer user so your client can log in and follow along on their own computer!

The Benefits

Presenting a risk-based justification for recommendations is a whole other conversation, one that demonstrates calculated consideration, and one that will engage your leads and clients.
You’re now ahead of your most progressive competitors – last we looked none are using their own systems that come anywhere near SECTARA, if they are talking in risk-terms at all.

Key Global Security Risk Management Standards: 7

SECTARA's Level of Alignment with each: 100

SECTARA aligns to International Best Practice for Security Risk...

  • ISO 31000 – Risk management
  • Standards Australia’s Handbook 167 – Security risk management
  • ISO 27005 – Information security risk management
  • Universal Security Management Systems Standard 2017
  • Security Risk Management Body of Knowledge
  • National Institute of Standards and Technology (NIST) Framework
  • Australian Government Protective Security Policy Framework

Why SECTARA?

There are a lot of reasons to like SECTARA - we've included a list of the key ones below.

We offer a full-function Free Plan – start assessing for free.
Export assessments and treatment plans to MS Word/Excel.
SECTARA can be white labelled so you can apply your own logo.
SECTARA pricing includes 10% off for annual subscriptions.
No configuration is necessary – simply log in and start assessing.
Secure and hosted within a Government accredited data centre.
Simple internal and external collaboration with stakeholders.
Five user types – you have complete control of who does what.
Step-by-step, in-product guided tours for user onboarding.
No more enterprise spend on annual/biannual security risk assessments.
A detailed Knowledge Base and support is available to all subscribers.
Consultants can use SECTARA for a retained service offering.
