07. 02. 2018 Mirko Morandini EriZone & OTRS

Reporting, Document Management and Risk Evaluation with EriZone

EriZone is mainly used as an (IT) SM tool to manage incidents, service requests and changes, and to document the assignment and return of devices.
However, a ticket system like EriZone can also support other processes – for example, those that need to provide structured documentation. In fact, many standards require reporting risks or other undesirable events to a regulator. In this case, EriZone can trace all these incidents and trigger preventive or corrective actions.

Consider the Occupational Safety & Health Act in IT security standards such as ISO-27001, the current EU General Data Protection Regulation GDPR and the Hazard Analysis and Critical Control Points HACCP. For each of these three standards, the entire process, from the notification and assessment of an incident to the solution, must be fully and comprehensibly documented for regulatory and external audits.

EriZone can already map these processes: Notifications are either sent to specific e-mail addresses (i.e. dataprotection@xy.com, security@xy.com, etc.), or displayed on the Web interface through specific and easy-to-understand services.

Tickets are stored directly in specific queues visible only by the people in charge of data protection, security, etc. In this way, it is possible to analyze the message, provide feedback, and take the necessary actions, all guided by a preconfigured EriZone process.
EriZone supports Risk Analysis by integrating the “Risk Evaluation” module into the “Change Evaluation” package, so that you can analyze the risks related to a security incident by determining the impact of the event.

For example, an employee discovers an icy emergency exit and is therefore obligated to report the situation. He can send an email to security@abc.intern or enter the notification in the web interface bysetting “Safety at work” as the service and associating it with the category “Risk message”. In both cases, the ticket in EriZone comes directly to the person in charge – without any risk of message loss. Based on the results of the risk analysis (i.e. a relatively low probability of occurrence and a high risk of injury indicates medium priority), the safety officer will then check the emergency exit and advise to sprinkle salt on cold days. These actions are recorded as a note in the ticket that can be closed successfully. However, if the safety officer decides to accept the risk and doesn’t take any action, then this is also recorded. Finally, all such tickets are archived in the security queue.

Risk Analysis with EriZone

Adopt and Adapt

Following the example above, you can easily understand the versatility of our solution. EriZone can be adopted and adapted to your own needs to cover a wide range of possibilities such as feedback, complaints, purchase or resource management, and many other processes that need to follow an approval process and that need to be documented and archived.

Share this post
Share on LinkedInTweet about this on TwitterShare on FacebookShare on Google+Email this to someoneShare on Tumblr
Mirko Morandini

Mirko Morandini

Mirko Morandini, PhD, is part of the EriZone team since 2015. As a consultant, he guided the implementation of EriZone in various projects in the DACH area and in Italy.

Author

Mirko Morandini

Mirko Morandini, PhD, is part of the EriZone team since 2015. As a consultant, he guided the implementation of EriZone in various projects in the DACH area and in Italy.

Leave a Reply

Your email address will not be published. Required fields are marked *

Archive