HOPEX Cyber Resilience

Summary

The HOPEX Cyber Resilience module empowers you to effectively manage ICT risks associated with your critical processes and IT assets. It facilitates vendor due diligence, enabling you to assess vendors, maintain contract inventory, and ensure compliance. Additionally, the module allows you to define continuity plans, conduct, and monitor continuity tests. Furthermore, it provides comprehensive incident management capabilities, including detailed impact analysis and reporting features to facilitate communication with relevant authorities.

HOPEX Cyber Resilience empowers you to initiate and implement resilience strategies, ensuring continuity for your business operations. It enables compliance with a variety of regulations, focusing on ICT risk assessment and cyber resilience, such as  DORA (EU), Operational Resilience (PRA/FCA), Sounds Practice for Cyber Resilience (OCC), Cybersecurity Risk Management (SEC), CPS 234 (APRA), Master Direction on Information Technology (RBI) and more.

Key Features

• Critical processes identification through BIA;

• ICT risk identification and assessment;

• ICT incident management;

• vendors due diligence;

• vendors’ contract inventory;

• business continuity planning;

• crisis information management;

• dedicated reporting.

Requirements

This module requires the Cyber Resilience license (CYRES).

Dependencies

• HOPEX Governance, Risk & Compliance;

• HOPEX Business Continuity Management;

• HOPEX IT Portfolio Management;

• optional: HOPEX Business Process Analysis;

• optional: HOPEX Internal Audit.

Documentation

See the HOPEX online documentation.

Release Notes

New

• Management of contracts: you will be able to create contracts, defining the type of contract, begin and end dates, along with internal department and vendor who signed the contract and the asset/services acquired with the contract;

• vendors due diligence and vendor cyber rating attribute: for each vendor you will be able to record the result of the cyber due diligence with a dedicated assessment template;

• ICT risk assessment: you will be able to launch assessment campaign on ICT risks on all the ICT assets in a specific scope computed with a dedicated assessment template;

• root cause description on incidents: a new field will help you enrich your Incident analysis describing the root causal analysis of the incident itself;

• menu items to access ICT objects: new menu entries allow you to acces lists of ICT assets;

• reports focusing on Incidents, vendors, contracts and ICT assets impacts.

To go further, see the HOPEX Release Note.