Risk Cloud Applications and Use Cases
Applications Eligible for Risk Cloud Basic:
Third-Party Risk Management
- Third-Party Risk Management ISO 27001
- Third-Party Risk Management SIG Lite
- Procurement & Contract Management
Enterprise Risk Management
- Enterprise Risk Management: COSO
- Enterprise Risk Management
- Compliance Task Management
- Regulatory Exam Management
Issues / Incident Management
- Issues Management
- Incident Management
- Policy & Procedure Management
- Employee Compliance
Controls Audit Management
- CMMC Self-Assessment
- HITRUST Controls Management
- SOC 2 Compliance
Standard Use Cases
Enterprise Risk Management, Third-Party Risk Management, IT Security Risk, Control Audit Management, Compliance Management, Incident Management, Issues Management, Policy Management, Regulatory Compliance, Internal Audit Management, Procurement & Contract Management, Business Continuity Management, Data Privacy
Risk Cloud Platform
An Application is a distinct set of rules and logic built in Risk Cloud supporting a singular use case. Live Applications are those used in a production setting and count towards the contracted Application amount.
Primary User functionality includes all Secondary User abilities (see below), in addition to the ability to create and manage users, create and manage user roles and permissions, create standard report views, create and modify workflows, create and modify forms, create and modify home screens, create and modify fields, create automated reminder rules or other automated jobs, perform bulk actions (import, assign), and create new Applications.
User that can view and interact with records, complete tasks, view home screens, view and create reports and dashboards, and view audit history of records.
User that can view specific records, complete attestations (such as those on policy records), or view a home screen.
External Users can receive email notifications and perform work using unique, tokenized links. External Users are for contributors outside of a Customer’s organization and do not have their own login. External Users cannot be utilized for Customer’s employees, contingent workers, or other users internal to their organization.
Public Pages allow you to create publicly available forms that can be submitted by anyone with the unique link.
SCIM User Provisioning
Provides access to SCIM 2.0 supported auto-provisioning that allows integration with identity management systems. Includes support for the following functions: Create, Update, and Deactivate users.
Provides database infrastructure that is not shared with other tenants.
Risk Cloud Documents
Provides the ability to configure document templates using a template-building tool called Formstack , and enables users to automate document generation in the Risk Cloud.
Info Sec Policy Catalog
Provides access to 12 information security policy templates, in the form of word documents, to be imported, customized, and used in Risk Cloud. In addition to policy templates, policy mapping to SOC 2 Common Criteria is also available for continued use. If major updates to the policy templates are made, InfoSec Policy Catalog users will be notified should they wish to receive the updated templates. Policy templates include:
- Information Security Policy
- Network Security & Monitoring Policy
- Vulnerability Management Policy
- Data Access & Identity Management Policy
- Data Classification Policy
- Asset & Application Management Policy
- Data Protection Policy
- Incident Response Policy
- Vendor Management Policy
- Security Awareness Policy
- Ethics Policy
- Business Resiliency Policy
Risk Cloud Quantify
Provides access to a risk quantification-enabled application that can be used for the purpose of calculating the potential loss exposure range in monetary terms for a given risk scenario.
Implementation & Professional Services
Quick Start Implementation
LogicGate’s Quick Start Implementation Option provides up to 15 hours of hands-on configuration support for an eligible Risk Cloud Application template. Included in the service is:
- Up to two (2) Application Walkthrough sessions
- Data import and mapping for up to three (3) workflows (500 records max per workflow)
LogicGate’s Standard Implementation Option provides up to 40 hours of hands-on configuration support for any of LogicGate’s Standard Use Cases, using an official Risk Cloud Application template or a custom build, typically within a 100-day period from the Kickoff Date. Included in the service is:
- One (1) Process Deep Dive session
- Up to five (5) Application Walkthrough sessions to configure the following:
- Up to four (4) Workflows
- Up to six (6) Roles
- Up to ten (10) Jobs
- Up to six (6) Table Reports
- Up to eight (8) Visual Reports
- Up to one (1) Dashboard
- One (1) Admin User Testing Feedback session
- One (1) End User Testing Feedback session
- Data import and mapping for up to three (3) workflows (500 records max per workflow)
- Initial user account creation
- Access for Primary Users to the Risk CloudPower User Certification program
- One (1) live admin training session provided via web conference and recorded
- Single sign-on implementation support (if applicable)
Subject to a required scoping exercise, LogicGate’s Custom Implementation Option provides implementation services for any use case not included in LogicGate's Standard Use Cases and/or any implementation that will require more than 40 hours of Implementation Services. This implementation includes all Standard Implementation service offerings, as well as any additional services scoped and agreed upon within a Statement of Work.
Each implementation option listed above can be used to cover: (1) the implementation of an application that is one of the Standard Use Cases and not a combination of any two Standard Use Cases; or (2) the implementation of an application that has one clearly defined business owner at your organization and is of a similar scope to a Standard Use Case.
Includes access to the LogicGate Help Center (help.logicgate.com); core Risk Cloud training content on LogicGate Learning portal; bi-annual syncs with your LogicGate Customer Success Manager and Relationship Manager to review business outcomes and metrics, as well as get updates on Risk Cloud product offerings; in-app chat support; and updates related to the latest version of Risk Cloud Standards and Regulations Content provided to you via spreadsheet within 60 days of a major release published by the authoritative source.
Includes access to the LogicGate Help Center (help.logicgate.com); core Risk Cloud training content on LogicGate Learning portal; quarterly syncs with your LogicGate Customer Success Manager and/or Relationship Manager to review business outcomes and metrics, as well as get updates on Risk Cloud product offerings; in-app chat support; up to six (6) hours per month of configuration, Risk Cloud training, content update, or GRC process design and enablement support from the Risk Cloud Consultant team, who can provide expert LogicGate product support; and support with loading the latest version of Risk Cloud Standards and Regulations Content within 60 days of a major release published by the authoritative source, as well as mapping the new version to the “primary control set” (i.e., Secure Controls Framework or HITRUST) within 60 days of a major release from the primary control set’s authoritative source, to maintain relevant control mappings.
Professional Service Bundles
Ten (10) hours of access to the Risk Cloud Consultant Team, in addition to either of the Success packages listed above. Can be used for additional configuration, system administration, content update, or GRC process design and enablement support; and support with applying updates to existing control mappings for Risk Cloud Standards and Regulations Content.
Project Plan Development & Management
Risk Cloud Implementation Team will collaborate with Customer to provide guidance on key project activities and milestones, along with expected timing based on Customer’s timeline requirements, if applicable. Risk Cloud Implementation Team will work with Customer throughout the implementation to track towards the expected timeline and adjust as needed. Includes up to 8 hours of services.
Data Structure Diagram
Risk Cloud Implementation Team will collaborate with Customer to confirm Customer’s overarching vision for the in-scope interconnected workflows and applications to be built in the LogicGate Risk Cloud platform. The development of the data structure diagram will be facilitated via virtual whiteboard sessions, during which the teams will align on the high-level data structures (i.e., workflows) and how they will be related. Includes up to 8 hours of services.
Workflow “Data Dictionaries”
Risk Cloud Implementation Team will collaborate with Customer to understand the key data points required for each data object maintained in Risk Cloud. Risk Cloud Implementation Team will create and maintain “data dictionaries” for each data object as part of the Implementation. Includes up to 4 hours of services.
Configuration Change Decision Tracker
Risk Cloud Implementation Team will document all key configuration decisions and rationale for the decisions. The tracker will be shared with Customer and will be continuously updated throughout the Implementation period. Includes up to 8 hours of services.
Risk Cloud Implementation Team will track the key requirements of the Implementation, including the owner of the requirement, key dates related to the requirement, and the overall status. Includes up to 8 hours of services.
User Acceptance Testing Scripts
Risk Cloud Implementation Team will work with Customer to define the appropriate user acceptance testing scripts for admin and end user testing. Customer is responsible for confirming the scope of the testing. Includes up to 4 hours of services.
Advanced Admin User Training
Risk Cloud Implementation Team will collaborate with Customer to identify advanced admin training topics to cover. Risk Cloud Implementation Team will lead live virtual admin training and provide a recording of the session(s) to Customer. Includes up to 4 hours of services.
End User Training
Risk Cloud Implementation Team will collaborate with Customer to identify key topics for the end user training. Risk Cloud Implementation Team will develop a training based on the agreed upon topics. Customer is responsible for gathering the correct end users and setting a time for the training. Risk Cloud Implementation Team will conduct virtual end user training via web conference and provide a recording of the session(s) to Customer. Includes up to 8 hours of services.
Custom Instructional Videos
Risk Cloud Implementation Team will collaborate with Customer to create an outline for the instructional video. Customer is responsible for providing feedback on the script and approving it. Risk Cloud Implementation Team is responsible for recording the video based on the agreed upon script. The video will be provided to Customer as an MP4 file. Includes up to 8 hours of services.
Custom Admin Maintenance Manual
Risk Cloud Implementation Team will document how the Application was created and provide steps on how to maintain and edit the Application going forward (step by step guidance may contain links to external help articles or training material). Includes up to 8 hours of services.
Risk Cloud Implementation Team will document all of the Workflows built, how they are connected and the objects each Workflow is capturing. The Workflow Narrative will be provided to Customer at the end of the Implementation period. Includes up to 4 hours of services.
Risk Cloud Implementation Team will provide documentation of all the applicable Roles, Permission Sets, and User Groups. Access Matrix will define Role Module Entitlements and Permission Sets along with which users are granted access to each Role. Includes up to 4 hours of services.
Risk Cloud Implementation Team will provide documentation of all the applicable Jobs for the Application built. The Job Matrix will include information like Job Type, Workflow, Steps, Recipients, Conditions, and Operations. Includes up to 4 hours of services.
Document Report Configuration
Risk Cloud Implementation Team will provide initial setup of report(s) based on Customer-provided template(s) and basic training on how to utilize reports. Customer is responsible for providing template(s) for any report(s) created. Includes up to 10 hours of services.
Additional Data Import & Mapping
Risk Cloud Implementation Team will import and map data provided by Customer for up to 6 workflows, 500 records per workflow. Risk Cloud Implementation Team will provide Customer with data load template(s) and Customer is responsible for providing data and mappings in the correct format. Includes up to 4 hours of services.
Integrations & Content
Includes obligation, rule, and metadata for a given Ascent regulator integrated into the “Regulatory Compliance Powered by Ascent” Application within the Risk Cloud.
Core Integrations Bundle
Includes native Risk Cloud integrations (Jira, Slack) and access to the RESTful API.
Risk Cloud Connect - Out of the Box Connector
Pre-built connectors (e.g., Security Scorecard, ServiceNow, DocuSign, Salesforce) for common GRC use cases that are specific in the connector’s scope and use case.
Risk Cloud Connect - Managed Connector
Custom-built and maintained connections by LogicGate’s Integrations Services Team to connect to common SaaS platforms (e.g., Formstack, Workday, Qualys, Tenable, Oracle NetSuite, Microsoft Teams).
Integration Service Bundles
Ten (10) hours of access to the LogicGate Integration Services Team, in addition to the Risk Cloud Connect - Managed Connector above. Will be used to build out the integration to the exact specifications required by Customer.
Last Updated: 09/17/21