The DECIMAL CS IT Risk Management Application enables you to simplify the identification, analysis, and mitigation of IT risks. The Application cuts across enterprise siloes, integrating IT risk data in a common framework for comprehensive visibility. The Application also streamlines the IT risk management lifecycle, including risk documentation and assessments, control management, and issue detection and resolution. IT risks are mapped to business risks to strengthen reporting. In addition, sophisticated analytics and reports transform raw risk data into actionable IT risk intelligence to enhance decision-making.


IT Risk Identification

Maintains a central IT risk library documenting risk nature, source, area of impact, response strategies, KRIs, and mitigating controls; helps define risk taxonomy in a hierarchy to simplify threat modeling

Flexible Asset Repository

Identifies assets as critical or non-critical based on multiple parameters; centrally stores and maps together asset data, including risks, policies, and control assessment findings

IT Risk Assessment and Analysis

Enables IT risk assessment planning, scheduling, and execution; provides configurable algorithms to construct inherent and residual risk score and control score formulas; supports multi-dimensional risk assessments

IT Control Design and Evaluation

Helps define risk mitigating controls based on industry standard frameworks; supports IT control assessments with mechanisms to score and report results; integrates with the Unified Compliance Framework (UCF) to map and harmonize controls

Emergency Mass Notifications

Supports the creation and management of emergency caller trees and lists, as well as notification templates; triggers automated notifications during a crisis

Issue Management

Routes issues from IT risk and control assessments through a closed-loop process of investigation, root cause analysis, and remediation

IT Risk Monitoring

Aggregates IT risk data intro pre-defined risk reports, user-configurable risk heat maps, and role-based executive dashboards; delivers hierarchical tree-views of risk assessment factors and sub-factors


  1. Manage BCM and disaster recovery programs and efforts from one, centralized platform
  2. Build a robust business continuity and disaster recovery plan aligned with key industry standards and frameworks
  3. Gain timely, in-depth visibility into business continuity risks through a world-class analytics engine and graphical dashboards
  4. Clearly define and map processes with MTTD, RTO, and RPO objectives
  5. Enable real-time situational awareness through integration with authoritative feeds, alerts, and emergency mass notifications
  6. Access business continuity plans anytime,


  1. Improve IT risk visibility with a common system to manage and track risk data
  2. Strengthen IT risk management with one-point access to multiple risk frameworks, including COSO, COBIT, and ISO 27000
  3. Streamline and standardize IT risk assessments and control testing. Enhance process consistency, reliability, and predictability
  4. Enhance IT risk analysis with tools for qualitative and qualitative risk assessments, multi-perspective risk scoring, and scenario modeling
  5. Gain a 360-degree, real-time view of IT risks across the enterprise. Proactively mitigate emerging risks and issues
  6. Establish a common set of controls by leveraging UCF to map 9,300+ IT controls to 1,200+ regulations and standards