Tool Overview:
Vigilant Software
Overview
Based: United Kingdom
Contact: https://www.vigilantsoftware.co.uk/contactus
About Vigilant Software
Vigilant Software specializes in information security risk management and GDPR compliance software solutions. The company's flagship products include vsRisk, a risk assessment platform designed for ISO 27001 compliance, and the Data Flow Mapping Tool for GDPR compliance management. These tools are part of the broader CyberComply platform, which integrates multiple compliance and risk management functionalities.
What does Vigilant Software do?
The company's primary tool, vsRisk, serves as a risk assessment platform specifically tailored for ISO 27001 risk assessments. The software streamlines the process of conducting risk assessments and producing supporting documentation through features such as custom acceptance criteria and a risk assessment wizard. Users can define multiple criteria for different likelihood and impact combinations, enabling more sophisticated risk evaluations tailored to specific organizational needs.
The Data Flow Mapping Tool focuses on GDPR compliance by helping organizations map their data flows and assess risks in data processing activities. The tool enables users to identify key elements such as data items obtained, data formats, transfer methods, storage locations, accountability, and access permissions. This mapping capability helps organizations understand what personal data they process and ensures this processing aligns with legal requirements.
The CyberComply platform integrates these tools and includes additional features such as Consultancy Access, which allows consultants to manage multiple organization accounts through a single login. The platform implements role-based access control with distinct user roles including organization admin, contributor, read-only, and revoked access levels.
What makes Vigilant Software different?
The software integrates legal and regulatory requirements with technical controls. The platform includes an IT Legal Compliance Database pre-populated with over 90 laws and regulations pertaining to information security in England and Wales. This database maps specific legislative clauses to corresponding ISO 27001 controls, helping organizations maintain compliance across multiple regulatory frameworks.
The risk assessment methodology in vsRisk incorporates asset management capabilities, with an asset library that assigns organizational roles to each asset group and applies relevant threats and risks by default. The software maintains integrated risk, vulnerability, and threat databases, eliminating the need for manual risk compilation. This systematic approach helps ensure consistency in risk assessments across an organization.
Use cases and industries
The software serves organizations implementing ISO 27001 and those seeking GDPR compliance. It particularly addresses the needs of organizations that must demonstrate compliance with multiple regulatory frameworks simultaneously. The platform supports various operational scenarios, from conducting basic risk assessments to managing complex supplier relationships and third-party risk management.
Key use cases include conducting ISO 27001 risk assessments, creating Statements of Applicability (SoA), developing Risk Treatment Plans (RTP), mapping data flows for GDPR compliance, and managing risks associated with supplier relationships. The software helps organizations establish risk criteria, identify threats and vulnerabilities, and implement appropriate controls based on their specific risk appetite and compliance requirements.
The tool's structure reflects the requirements of ISO 27001 Clause 6, which mandates specific approaches to planning, risk assessment, and risk treatment. This alignment helps organizations maintain documented evidence of their information security risk assessment process, which is crucial for compliance audits and ongoing security management.
Pricing
Pricing information not available.