Asset Management
The Asset Management module supports a generic management process including inventory, classification, dependencies, requirements handling, maintenance activities, non-conformities, risk, control, follow-up and reporting.
This provides the opportunity to support several different types of resources and assets with the same tool and information model, e.g. Process, Project, Information, Personal data processing, Information system, IT service, CMDB, Facility, External supplier and others.
Functionality
Asset management is a stand-alone module in the iFACTS platform. Asset types are created dynamically and configured with a portal, including tabs and information fields, categorizations, dependencies and permissions.
All iFACTS functions are available to configure, for example, report tools, document management, checklist, dependency graph, activities, annual wheel, workflows, goals, non-conformities, trigger logic, requirements handling, control, risk, incident management, decisions and more.
Process
Processes and information structure are created, such as owner, main process, sub-process, type, categorization, classification. Each process gets its own portal, where all information and functionality is gathered.
The process is visualized in iFACTS process workflow tools that make the various process steps visible as well as linked documents and activities.
Support for work with quality management, work environment, environment, safety, continuity, crisis management.
All iFACTS functionality can be activated in the workflow, eg goals and measurement, document management, deviation management, checklist, risk, control.
The dependency graph provides the opportunity to link other organizational parts to the process to illustrate the value chain, such as other processes, external suppliers or IT.
iFACTS reporting tool is used to create reports and dashboards.
Project
Projects and their information structure are created as owners, project steps, type, categorization, classification, budget. Each project gets its own portal, where all information and functionality is gathered. All project participants can be given permission and share a common workspace for the project.
All iFACTS functionality can be activated in the workflow, e.g. goals and measurements, planned activities, document management, non-conformity management, checklist, risk, control.
In the portal view, a monitor mode is used where the project’s progress is continuously followed, for example, activities performed, measurements, budget follow-up.
iFACTS reporting tools are used to create reports, dashboards timed follow-up and reporting opportunities.
Information
Set-up of the structure for the organization’s information assets, where common practice is the ISO27000 series. In this practice, a maintenance model is created for the information with owners, type, classification, requirements handling, maintenance activities, budget, goals and measurements, incident handling, control, risk, continuity, connection to business processes and IT resources.
Classification, requirements triggering and dependency graph are important basic functionality. The result here is passed on to other IT resources for correct requirements at all levels.
Control and requirements libraries are created which are linked to classification, types, categories and dependency connection.
All iFACTS functionality can be activated in the workflow, e.g. goals and measurements, planned activities, document management, non-conformity management, checklist, risk, control.
Personal data processing (GDPR)
Personal data processing is a type of information access. It originates from the Data Protection Regulation (GDPR). The regulation is extensive and we recommend handling Personal Data Processing as a separate type of asset in order to clearly demonstrate compliance and an active management model.
ISO has created a standard linked to personal data – ISO / IEC 27701 – which is designed as an addition to the ISO27000 series.
The documentation requirements are extensive. iFACTS’ documentation function is used where sections and information attributes can be created dynamically, including classification and categorization.
Requirements to control subcontractors – so-called Data Processors – are configured by setting them up as an asset type “External supplier” and linking them to personal data processing. Functionality for contracts, control, risk and requirements handling.
Via the Incident & Event module, the required event types are created: Consent, report data breach, “what information is available about me?” – portability, deletion request.
If the processing of personal data contains sensitive data, an impact assessment (DPIA) must be carried out. The iFACTS risk module is used here.
Information System
This creates the structure for the organization’s information system, where common practice is the ISO27000 series. In this practice, a management model is created for the information systems with owners, type, classification, requirements handling, maintenance activities, budget, goals and measurements, incident handling, control, risk, continuity, connection to business processes and IT resources.
Information systems can be of several different types and can be categorized into several groups, eg systems, SCADA, app, programs, clouds, IoT and others. From a continuity and security perspective, it is important that everyone is included in the inventory. All have a role in the organization’s value chains, where everyone is dependent on each other. If one fails, it can affect other stakeholders and assets.
The functions for classification, requirements handling and dependencies are central. In IT, value chains are long and complicated with many sources of error. For example, it can start with the business process and its information, which is processed in an information system which in turn is connected to an IT service, which is connected to an IT infrastructure. The requirements run throughout the chain.
All iFACTS functionality can be activated in the workflow, eg goals and feeding, planned activities, document management, deviation management, checklist, risk, control.
IT Serivces
This creates the structure for the organization’s IT services, where common practice is ITIL and the ISO27000 series. The IT services are collected in service catalogs and can be divided into higher IT services intended for customers, as well as lower more technology-oriented services such as communication or encryption.
All basic need is to create the structure in the service catalog and connect each customer to IT services and subgroups.
The customer can, for example, be an information system that signs an agreement with an IT service for application operation. The requirements then automatically come from the information system and become applicable to the IT service. These requirements travel further to lower levels of technology-oriented IT services as well as other external suppliers. It is important that everyone is involved to control the entire chain.
All iFACTS functionality can be activated in the workflow for IT services with owners, type, classification, requirements management, management activities, budget, goals and measurement, control, risk, connection to business processes and IT resources.
IT-Infrastructure (CMDB)
This creates the structure for the organization’s IT infrastructure – often referred to as CMDB, Configuration Management DataBase. The practice is again, ITIL and the ISO27000 series. The IT infrastructure is all the technical components that work together to deliver the IT services, e.g. server, database, storage, communication.
The need is often an inventory of all the components and its connection to the IT services.
Because all parts of the value chain are interconnected, at this level you can see exactly which systems are operated on a server, which operating systems are used, confidentiality classification or availability requirements.
This also provides an opportunity to map known threats and vulnerabilities to the operating environment. For example, a vulnerability in a particular operating system that can be exploited by specific threats.
Facility
Facilities can be documented, with its information structure such as owner, address, type, categorization, classification, budget, insurance values, fire inspection intervals etc.. Each facility has its own portal where all information and functionality is gathered. Different stakeholders can be given permission and share a common workspace for the facility. Plant types can be property, land, factory, production plant, bridge, road, etc.
All iFACTS functionality can be activated in the workflow, e.g. goals and measurements, planned activities, document management, non-conformity handling, systematic fire protection work – SBA, checklist, risk, control, inspection, survey, EML calculations.
In the portal view, a monitor mode is used where the current state of the facility is continuously followed, for example, activities performed, measurements, budget follow-up.
iFACTS reporting tools are used to create reports, dashboards, scheduled follow-up and reporting.
External suppliers
The organization’s external suppliers can be set-up and linked to what services they offer, and where they are used in the value chains.
The external supplier often needs to be controlled from a compliance perspective. This can be done by connecting the requirements library to the supplier, when procuring the service. Control programs can be created, where the external supplier regularly conducts self-assessments against set requirements.
iFACTS Contract provides the opportunity to document the contract, its requirements, goals and measurements as well as formalities such as due date, notice period, etc.
With the help of iFACTS metrics and status, the supplier can be made visible within the information model in the same way as other internal organizations, processes, resources and assets.
Infrastructure system
Infrastructure systems refer to the grouping of services, organizations, assets, processes and external actors that collaborate within an infrastructure. Examples are water supply, electricity supply, finance, transport, pharmaceuticals.
Here, all actors in the infrastructure system can be set-up and connected to each other. The purpose is to control and manage from a holistic perspective. A common problem is that these systems are not controlled at an overall level. Each actor takes care of their operations, separated from each other.
With the help of iFACTS metrics and status, the various suppliers can be made visible within the information model with status, metrics, non-conformities, risks, audit remarks.
