HOPEX Cyber Resilience

Summary

The HOPEX Cyber Resilience module empowers you to effectively manage ICT (Information and Communication Technology) risks associated with your critical processes and IT assets. It facilitates vendor due diligence, enabling you to assess vendors, maintain contract inventory, and ensure compliance. Additionally, the module allows you to define continuity plans, conduct, and monitor continuity tests. Furthermore, it provides comprehensive incident management capabilities, including detailed impact analysis and reporting features to facilitate communication with relevant authorities.

HOPEX Cyber Resilience empowers you to initiate and implement resilience strategies, ensuring continuity for your business operations. It enables compliance with a variety of regulations, focusing on ICT risk assessment and cyber resilience, such as DORA (EU), Operational Resilience (PRA/FCA), Sounds Practice for Cyber Resilience (OCC), Cybersecurity Risk Management (SEC), CPS 234 (APRA), Master Direction on Information Technology (RBI) and more.

Key Features

• Critical processes identification through BIAs (Business Impact Analysis);

• ICT risk identification and assessment;

• ICT incident management;

• vendors due diligence;

• vendors’ contract inventory;

• business continuity planning;

• crisis information management;

• dedicated reporting.

Requirements

This module requires the Cyber Resilience license (CYRES).

This module is compatible starting with HOPEX AQUILA (V6.1).

Dependencies

• HOPEX Governance, Risk & Compliance;

• HOPEX Business Continuity Management;

• HOPEX IT Portfolio Management;

• optional: HOPEX Business Process Analysis;

• optional: HOPEX Internal Audit.

Documentation

See the HOPEX online documentation.

Release Notes

New

• Reports:
  • a table to review Processes, ICT Assets and Risks;
  • a table to follow-up BIA results on Processes and analyze impacts;
  • a Word Report to download information about Vendors and Contracts.
• Property page to quicly access data:
  • on Servers Deployed, Datacenters, Facilities and Sites to access BIAs;
  • on Processes and Operations to access Contracts.

Changed

• The IT Risk Assessment Template will also consider Sites, Servers Deployed, Datacenters and Facilities.
• Property Pages to add information:
  • Contract Types: added the Status column in the list of Contracts.
• Reports:
  • Triggered BCPs when displaying Incidents;
  • Indication of Major incidents, when required;
  • Incident and Process dendrogram have been extended;
  • Dashboard report will display also Data centers, Facilities and Servers Deployed.

To go further, see the HOPEX Release Note.