TRAC (ISMS)

TRAC.jpg

TRAC is an automated Information security management system and risk management tool created by Secure Banking Solutions. TRAC also automates policy creation and helps companies comply with a number of laws and regulations enforced by Regulators. The tool was created with small to mid-sized banks in mind with an aim to simplify complex processes that all banks must perform.

TRAC both simplifies and speeds up the process of creating adequate risk assessments both for IT assets and IT activities; it also helps banks ensure that they comply with the Bank Secrecy Act. TRAC also contains modules for managing and selecting third party vendors, generating and storing adequate policy, as well as tracking recommendations generated by either the program, the consultants at Secure Banking Solutions, or the users themselves.

Modules

TRAC modules are added and updated regularly. Each module provides a different service and outputs a variety of reports which reduces the need to contract the services of an IT Consultant.

Current Modules

Information Technology

The Information Technology module allows the user to perform a risk assessment on the Bank's IT assets. Assets are ranked by importance based on their protection profile which is based on the asset's confidentiality, availability, integrity, and volume. Threats are tied to each asset and ranked by impact and probability. Controls are then identified to mitigate risk on the particular asset. The end goal is calculate the residual risk of the asset, and a Risk Management plan.

Information Security

The Information Security module allows the user to perform an organizational risk assessment to rank each process available at the bank. The module also allows for policy creation using a number of different templates available and allows for custom policy statements. Policies can be stored, approved and downloaded at any time. Examples of polices include: Information Security Policy, Acceptable Use Policy, Pandemic Preparedness Policy, Risk Management Policy, etc.

Third Party Management

The Third Party Management module allows banks to keep track of all their vendors in one place. Generic vendor information can be stored, vendor contacts can be added, due diligence can be performed, and contract reviews can be performed. If used in conjunction with the Information Technology module, IT vendors can be tied to their respective asset to show the amount of risk related to each vendor.

Action Tracking

The Action Tracking module allows banks to set up plans and track the process of each. Many plans are generated from other modules, while plans can also be generated based on the consultant recommendations of Secure Banking Solutions. Tasks can also be kept track of within the tool, each with due dates and reminders.

Bank Secrecy Act

The Bank Secrecy Act (BSA) module allows banks to rate their compliance with the Bank Secrecy Act.

Audit

The Audit module allows banks to perform Internal Audits on themselves. A variety of Auditing templates are provided; custom templates are also supported.

Corporate Account Risk

The Corporate Account module focuses on Corporate Account Takeover, providing a framework for assessing the risk of individual accounts that the organization interacts with.

Business Continuity Program

The Business Continuity Program module provides a framework for conducting a Business Impact Analysis as well as creating a full Business Continuity Plan.

Enterprise Risk Management

The Enterprise Risk Management module provides an overarching view of an organization through a risk assessment.