Ra2

Ra2

Tool Identity Card

General information
Basic information to identify the product

Tool name : Ra2
Vendor name : AEXIS
Country of origin : Germany



Level of reference of the tool
Details about the coverage or the « originators » of the solution

Coverage : Local
Supported by organization, club,... (e.g. as sponsor) : N/A



Brief description of the product
Give a brief description of the product containing general information, overview of functions…

  • RRA2 art of risk is a stand-alone tool from AEXIS for Risk Management based on the ISO 17799 and ISO 27001 standards. For each of the steps in this process the tool contains a dedicated step with report generation and printing out of the results. RA2 Information Collection Device, a component that is distributed along with the tool, can be installed anywhere in the organization as needed to collect and feed back information into the Risk Assessment process. AEXIS provides a trial version of the tool.
    RA2 art of risk addresses the different steps in the process of establishing and implementing an ISMS, in accordance with the requirements lined out in the international standard ISO/IEC 27001:2005 (previously BS 7799-2:2002). For each of the steps in this process the tool contains a dedicated step with a report generation and printing out of the results. With the tool, it is possible to go through all the steps described in ISO/IEC 27001:2005 and to produce the necessary documentation of the Risk Assessment and Risk Management process.
    The functions include leading through the ISMS processes, calculation of risks, automatic carrying forward and updating of results, a detailed Help function and context sensitive help, and further support. Together with the tool RA2 art of risk V1.1 comes the RA2 Information Collection Device, which can be installed anywhere in the organization as necessary to collect and feed back information into the Risk Assessment process.


Supported functionality
Specify the functionality this tool provides.

R.A. Method phases supported

  • Risk identification: Example list of threats/vulnerabilities
  • Risk analysis: Risk decision process

Other phases

  • Asset inventory: Develop an ISMS asset inventory, select from example list, add new

R.M. Method phases supported

  • Risk assessment
  • Risk treatment : Suggested controls from ISO 17799, customization
  • Risk communication : Report generator, print-out facility

Other phases

  • ISMS Definition: Definition of the scope and business requirements policy and objectives for the ISMS

Other functionality

  • Information Collection Device: Collect information from different sources within the organization. and feed back in the risk assessment process.
  • Automated compliance analysis: Automatic produce key documents and reports

Information processed

  • Reports: Each step contains a report generation


Lifecycle
Date of the first edition, date and number of actual version

Date of first release : 2000
Date and identification of the last version : 2005 - v1.1



Useful links
Link for further information

Official web site : http://www.aexis.de/RA2ToolPage.htm
user group web site : N/A
Relevant web site : http://www.bsi-global.com/Risk/InformationSecurity/bip0022.xalter



Languages
List the available languages that the tool supports

Languages available : English(?)



Pricing and licensing models
Specify the price for the product (as provided by the company on December 2005)

  • £ 1100 (plus VAT) v1.1
  • £ 200 (plus VAT) upgrade to v1.1

Sectors with free availability or discounted price : N/A



Trial before purchase
Details regarding the evaluation period of the tool

CD or download available : Demo Download
Identification required : No
Trial period : -



Tool architecture
Specify the technologies used in this tool

  • Application: Stand alone application, Installed in single machine
  • Information Collection Device: Collect information from different sources and provide as input to the tool, Multiple Installations in the organization / company


Page top

Scope

Target public
Defines the most appropriate type of communities for this tool

  • Large scale companies
  • SME
  • Commercial CIEs
  • Non commercial CIEs

Specific sector : N/A



Spread
Information concerning the spread of this tool

General information : Applied around the world
Used inside EU countries : France, Germany, Sweden, UK
Used outside EU countries : Australia, Brazil, Canada, Japan



Level of detail
Specify the target kind of people for this tool based on its functionality

Management : N/A
Operational : N/A
Technical : N/A



Compliance to IT Standards
List the national or international standard this tool is compliant with



Tool helps towards a certification
Specify whether the tool helps the company toward a certification according to a standard

  • N/A


Training
Information about possible training courses for this tool

Course : N/A



Page top

Users viewpoint

Skills needed
Specify the skills needed to use and maintain the solution

  • To install : Easy to install
  • To use : help assistant, built in checklists, fully worked thought example
  • To maintain : Stable, no need for regular updates


Tool Support
Specify the kind of support the company provides for this product

Support : N/A



Organization processes integration
Describe user roles this tool supports

Supported Roles

  • N/A

Intergration in Organization activities

  • N/A


Interoperability with other tools
Specify available interfaces or other ways of integration with other tools

  • Import/Export (application specific): Information Collection Device
  • Export to CSV: Spreadsheet applications (e.g. Excel)


Sector adapted knowledge databases supported
Name and describe the sector adapted databases that this tool provides

  • N/A


Flexibility of tool's database
Can the database be customized and adapted to client requirements?

  • Assets/Threats/Vulnerabilities list: Customization of the list, define new
  • Controls list: Select 2000 or 2005 version list, identify additional controls