LogicGate Risk Cloud® Services Descriptions

Risk Cloud Applications and Use Cases

Applications Eligible for Risk Cloud Basic:  

Third-Party Risk Management

Enterprise Risk Management

Compliance Management

Issues / Incident Management

Policy Management

Controls Audit Management

Standard Use Cases

Enterprise Risk Management, Third-Party Risk Management, IT Security Risk, Control Audit Management, Compliance Management, Incident Management, Issues Management, Policy Management, Regulatory Compliance, Internal Audit Management, Procurement & Contract Management, Business Continuity Management, Data Privacy

Risk Cloud Platform

Application

An Application is a distinct set of rules and logic built in Risk Cloud supporting a singular use case.  Live Applications are those used in a production setting and count towards the contracted Application amount.

Primary User

Primary User functionality includes all Secondary User abilities (see below), in addition to the ability to create and manage users, create and manage user roles and permissions, create standard report views, create and modify workflows, create and modify forms, create and modify home screens, create and modify fields, create automated reminder rules or other automated jobs, perform bulk actions (import, assign), and create new Applications.

Secondary User

User that can view and interact with records, complete tasks, view home screens, view and create reports and dashboards, and view audit history of records.

Limited User

User that can view specific records, complete attestations (such as those on policy records), or view a home screen.

External User

External Users can receive email notifications and perform work using unique, tokenized links.  External Users are for contributors outside of a Customer’s organization and do not have their own login. External Users cannot be utilized for Customer’s employees, contingent workers, or other users internal to their organization.

Public Pages

Public Pages allow you to create publicly available forms that can be submitted by anyone with the unique link.

SCIM User Provisioning

Provides access to SCIM 2.0 supported auto-provisioning that allows integration with identity management systems. Includes support for the following functions: Create, Update, and Deactivate users.

Single Tenancy

Provides database infrastructure that is not shared with other tenants.

Risk Cloud Documents

Provides the ability to configure document templates using a template-building tool called Formstack , and enables users to automate document generation in the Risk Cloud.

Info Sec Policy Catalog

Provides access to 12 information security policy templates, in the form of word documents, to be imported, customized, and used in Risk Cloud. In addition to policy templates, policy mapping to SOC 2 Common Criteria is also available for continued use. If major updates to the policy templates are made, InfoSec Policy Catalog users will be notified should they wish to receive the updated templates. Policy templates include:

Risk Cloud Quantify

Provides access to a risk quantification-enabled application that can be used for the purpose of calculating the potential loss exposure range in monetary terms for a given risk scenario.

Implementation & Professional Services

Quick Start Implementation

LogicGate’s Quick Start Implementation Option provides up to 15 hours of hands-on configuration support for an eligible Risk Cloud Application template. Included in the service is:

Standard Implementation

LogicGate’s Standard Implementation Option provides up to 40 hours of hands-on configuration support for any of LogicGate’s Standard Use Cases, using an official Risk Cloud Application template or a custom build, typically within a 100-day period from the Kickoff Date. Included in the service is:

Custom Implementation

Subject to a required scoping exercise, LogicGate’s Custom Implementation Option provides implementation services for any use case not included in LogicGate's Standard Use Cases and/or any implementation that will require more than 40 hours of Implementation Services. This implementation includes all Standard Implementation service offerings, as well as any additional services scoped and agreed upon within a Statement of Work.

Implementation Scope

Each implementation option listed above can be used to cover: (1) the implementation of an application that is one of the Standard Use Cases and not a combination of any two Standard Use Cases; or (2) the implementation of an application that has one clearly defined business owner at your organization and is of a similar scope to a Standard Use Case.

Standard Success

Includes access to the LogicGate Help Center (help.logicgate.com); core Risk Cloud training content on LogicGate Learning portal;  bi-annual syncs with your LogicGate Customer Success Manager and Relationship Manager to review business outcomes and metrics, as well as get updates on Risk Cloud product offerings; in-app chat support; and updates related to the latest version of Risk Cloud Standards and Regulations Content provided to you via spreadsheet within 60 days of a major release published by the authoritative source.

Premier Success

Includes access to the LogicGate Help Center (help.logicgate.com); core Risk Cloud training content on LogicGate Learning portal; quarterly syncs with your LogicGate Customer Success Manager and/or Relationship Manager to review business outcomes and metrics, as well as get updates on Risk Cloud product offerings; in-app chat support; up to six (6) hours per month of configuration, Risk Cloud training, content update, or GRC process design and enablement support from the Risk Cloud Consultant team, who can provide expert LogicGate product support; and support with loading the latest version of Risk Cloud Standards and Regulations Content within 60 days of a major release published by the authoritative source, as well as mapping the new version to the “primary control set” (i.e., Secure Controls Framework or HITRUST) within 60 days of a major release from the primary control set’s authoritative source, to maintain relevant control mappings.

Professional Service Bundles

Ten (10) hours of access to the Risk Cloud Consultant Team, in addition to either of the Success packages listed above. Can be used for additional configuration, system administration, content update, or GRC process design and enablement support; and support with applying updates to existing control mappings for Risk Cloud Standards and Regulations Content.

Implementation Add-Ons

Project Plan Development & Management

Risk Cloud Implementation Team will collaborate with Customer to provide guidance on key project activities and milestones, along with expected timing based on Customer’s timeline requirements, if applicable. Risk Cloud Implementation Team will work with Customer throughout the implementation to track towards the expected timeline and adjust as needed. Includes up to 8 hours of services.

Data Structure Diagram

Risk Cloud Implementation Team will collaborate with Customer to confirm Customer’s overarching vision for the in-scope interconnected workflows and applications to be built in the LogicGate Risk Cloud platform. The development of the data structure diagram will be facilitated via virtual whiteboard sessions, during which the teams will align on the high-level data structures (i.e., workflows) and how they will be related. Includes up to 8 hours of services.

Workflow “Data Dictionaries”

Risk Cloud Implementation Team will collaborate with Customer to understand the key data points required for each data object maintained in Risk Cloud. Risk Cloud Implementation Team will create and maintain “data dictionaries” for each data object as part of the Implementation. Includes up to 4 hours of services.

Configuration Change Decision Tracker

Risk Cloud Implementation Team will document all key configuration decisions and rationale for the decisions. The tracker will be shared with Customer and will be continuously updated throughout the Implementation period. Includes up to 8 hours of services.

Requirements Tracker

Risk Cloud Implementation Team will track the key requirements of the Implementation, including the owner of the requirement, key dates related to the requirement, and the overall status.  Includes up to 8 hours of services.

User Acceptance Testing Scripts

Risk Cloud Implementation Team will work with Customer to define the appropriate user acceptance testing scripts for admin and end user testing. Customer is responsible for confirming the scope of the testing. Includes up to 4 hours of services.

Advanced Admin User Training

Risk Cloud Implementation Team will collaborate with Customer to identify advanced admin training topics to cover. Risk Cloud Implementation Team will lead live virtual admin training and provide a recording of the session(s) to Customer. Includes up to 4 hours of services.

End User Training

Risk Cloud Implementation Team will collaborate with Customer to identify key topics for the end user training. Risk Cloud Implementation Team will develop a training based on the agreed upon topics. Customer is responsible for gathering the correct end users and setting a time for the training. Risk Cloud Implementation Team will conduct virtual end user training via web conference and provide a recording of the session(s) to Customer. Includes up to 8 hours of services.

Custom Instructional Videos

Risk Cloud Implementation Team will collaborate with Customer to create an outline for the instructional video. Customer is responsible for providing feedback on the script and approving it. Risk Cloud Implementation Team is responsible for recording the video based on the agreed upon script. The video will be provided to Customer as an MP4 file. Includes up to 8 hours of services.

Custom Admin Maintenance Manual

Risk Cloud Implementation Team will document how the Application was created and provide steps on how to maintain and edit the Application going forward (step by step guidance may contain links to external help articles or training material). Includes up to 8 hours of services.

Workflow Narrative

Risk Cloud Implementation Team will document all of the Workflows built, how they are connected and the objects each Workflow is capturing. The Workflow Narrative will be provided to Customer at the end of the Implementation period. Includes up to 4 hours of services.

Access Matrix

Risk Cloud Implementation Team will provide documentation of all the applicable Roles, Permission Sets, and User Groups. Access Matrix will define Role Module Entitlements and Permission Sets along with which users are granted access to each Role. Includes up to 4 hours of services.

Jobs Matrix

Risk Cloud Implementation Team will provide documentation of all the applicable Jobs for the Application built. The Job Matrix will include information like Job Type, Workflow, Steps, Recipients, Conditions, and Operations. Includes up to 4 hours of services.

Document Report Configuration

Risk Cloud Implementation Team will provide initial setup of report(s) based on Customer-provided template(s) and basic training on how to utilize reports. Customer is responsible for providing template(s) for any report(s) created. Includes up to 10 hours of services.

Additional Data Import & Mapping

Risk Cloud Implementation Team will import and map data provided by Customer for up to 6 workflows, 500 records per workflow. Risk Cloud Implementation Team will provide Customer with data load template(s) and Customer is responsible for providing data and mappings in the correct format. Includes up to 4 hours of services.

Integrations & Content

Ascent Regulators

Includes obligation, rule, and metadata for a given Ascent regulator integrated into the “Regulatory Compliance Powered by Ascent” Application within the Risk Cloud.

Workato

Middleware platform utilized for Risk Cloud Connect integrations. Customer’s use of Workato Services is subject to Workato’s Terms of Use and Workato’s Privacy Policy.

Core Integrations Bundle

Includes native Risk Cloud integrations (Jira, Slack) and access to the RESTful API.

Risk Cloud Connect - Out of the Box Connector

Pre-built connectors (e.g., Security Scorecard, ServiceNow, DocuSign, Salesforce) for common GRC use cases that are specific in the connector’s scope and use case.

Risk Cloud Connect - Managed Connector

Custom-built and maintained connections by LogicGate’s Integrations Services Team to connect to common SaaS platforms (e.g., Formstack, Workday, Qualys, Tenable, Oracle NetSuite, Microsoft Teams).

Integration Service Bundles

Ten (10) hours of access to the LogicGate Integration Services Team, in addition to the Risk Cloud Connect - Managed Connector above. Will be used to build out the integration to the exact specifications required by Customer.

v.2.10

Last Updated: 09/17/21