FokusRM Docs

Introduction

FokusRM provides an operator-first system for cyber and IT risk management across risk registers, controls, assessments, findings, and evidence.

Use this guide as a practical playbook for daily operations, not just a product tour.

Built for operators

Track ownership, progress, and risk posture in one structured workflow.

Managed-service ready

Provider teams and tenant teams can collaborate with strict role and tenant boundaries.

Getting Started

A clean rollout usually takes four steps:

Step 1

Provision tenant and user access

Create your tenant, assign user roles, and verify active tenant context before operational work starts.

Step 2

Build or import your register

Import catalogue risks or create them manually with clear ownership, domains, and categories.

Step 3

Score and define treatment

Set inherent, residual, and target scores, then propose treatment decisions and map supporting controls.

Step 4

Operationalize monitoring

Run assessments, track findings, refresh evidence, and use reporting exports for regular governance cadence.

Daily Risk Workflow

Typical daily operating cycle:

  • Review score changes and appetite breaches from the dashboard and register views.
  • Update treatment decisions and associated control mappings for in-scope risks.
  • Check control health based on tests, open findings, and evidence freshness.
  • Process pending assessment reviews and approval checkpoints.
  • Export risk/findings summaries for leadership reporting.

Feature Reference

Core modules and what they are designed for:

Risk Register

Central system of record for risk identification, scoring, ownership, and treatment posture.

  • Inherent, residual, and target score tracking
  • Category/domain ownership and accountability
  • Score rationale and auditable history

Controls

Map controls to risks and track whether they are effectively reducing exposure.

  • Control-to-risk linkage
  • Design/operating effectiveness signals
  • Health indicators based on findings and evidence

Assessments

Run internal or third-party questionnaires with review and approval workflows.

  • Questionnaire-driven execution
  • Vendor portal response collection
  • Approval checkpoints and response provenance

Findings

Manage remediation work from issue intake through closure.

  • Lifecycle and status tracking
  • Owner assignment and due-date management
  • Links to controls, risks, and evidence

Evidence

Maintain defensible documentation supporting control operation and assurance.

  • Version tracking for uploaded evidence
  • Expiry/freshness awareness
  • Direct mapping to controls and findings

Risk Catalogues

Accelerate register creation with standard libraries and controlled import mapping.

  • BSI IT-Grundschutz and NIST-aligned sources
  • Category/domain and ownership mapping during import
  • Duplicate handling with import review visibility

Security & Access

Security controls are embedded in workflow and data access behavior.

  • Tenant-scoped isolation for operational data and write operations.
  • Role-based authorization by user type and role permissions.
  • Authenticated API usage with token validation and tenant context headers.
  • Approval and rationale trails for defensible decision history.
  • Provider multi-tenant operations with scoped assignment controls.

Use least-privilege role assignments and periodically review provider/operator tenant access.

Reporting & Exports

Reporting is designed for operational cadence and stakeholder communication.

  • Use dashboard trend and posture views for weekly risk operations.
  • Export risk/findings outputs for audit and board materials.
  • Track treatment progress and overdue remediation actions.
  • Reconcile assessment throughput and pending approvals regularly.

Standardize your monthly export package so leadership receives consistent risk signals each cycle.

Support & Escalation

Support requests are fastest when operational context is included up front.

  • Use the Help Center form and include affected module, tenant, and urgency.
  • Request callback when coordination is needed across multiple stakeholders.
  • Attach reproducible steps and timestamps for technical issues.
  • For billing or access issues, include user email and relevant role context.

Financial Quantification (Open FAIR)

Open FAIR simulation helps convert technical risk scenarios into defensible financial ranges.

Frequency and magnitude inputs

Model expected loss behavior using calibrated event frequency and loss magnitude parameters.

Monte Carlo output

Use simulation output to evaluate expected annual loss and upper-tail exposure.

  • Annual Loss Expectancy (ALE) for planning and prioritization
  • Value at Risk estimates for high-confidence loss scenarios
  • Loss distribution insights to compare treatment options
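The simulation loop the two sections above describe, written out as an added illustration (this is not FokusRM's own code and makes no claim about its implementation): calibrated min / most-likely / max inputs for loss event frequency and loss magnitude are sampled with a triangular distribution, a Poisson draw turns the frequency into a count of events per simulated year, and the resulting annual-loss distribution yields ALE (the mean) and Value at Risk (upper percentiles). The parameter values in the usage block are constructed for the example.

```python
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Calibrated:
    """Calibrated estimate (hypothetical input shape): minimum, most likely, maximum."""
    low: float
    mode: float
    high: float

    def sample(self, rng: random.Random) -> float:
        # random.triangular takes (low, high, mode); the mode is the peak of the PERT-style estimate
        return rng.triangular(self.low, self.high, self.mode)


def _poisson(rng: random.Random, lam: float) -> int:
    """Knuth's Poisson sampler; adequate for the small yearly rates used in loss modelling."""
    threshold, k, p = math.exp(-lam), 0, 1.0
    while p > threshold:
        k += 1
        p *= rng.random()
    return k - 1


def simulate_annual_losses(lef: Calibrated, lm: Calibrated, trials: int = 20_000, seed: int = 7) -> list:
    """Monte Carlo: each trial is one simulated year of loss events (LEF) with per-event magnitudes (LM)."""
    rng = random.Random(seed)  # fixed seed so results are reproducible and reviewable
    annual = []
    for _ in range(trials):
        events = _poisson(rng, lef.sample(rng))            # how many loss events this year
        annual.append(sum(lm.sample(rng) for _ in range(events)))  # total loss for the year
    return annual


def percentile(values: list, q: float) -> float:
    """Nearest-rank percentile, q in [0, 1]; VaR at confidence q is percentile(losses, q)."""
    ordered = sorted(values)
    idx = max(0, math.ceil(q * len(ordered)) - 1)
    return ordered[idx]


def summarize(losses: list) -> dict:
    """ALE is the mean annual loss; VaR95/VaR99 show upper-tail exposure for treatment comparison."""
    return {
        "ALE": sum(losses) / len(losses),
        "VaR95": percentile(losses, 0.95),
        "VaR99": percentile(losses, 0.99),
    }


if __name__ == "__main__":
    # Constructed scenario: 0.2 to 3 events a year (most likely 1), each costing 10k to 250k (most likely 50k)
    losses = simulate_annual_losses(Calibrated(0.2, 1.0, 3.0), Calibrated(10_000, 50_000, 250_000))
    print({k: round(v) for k, v in summarize(losses).items()})
```

Comparing treatment options means re-running `summarize` with the frequency or magnitude inputs a control is expected to change and looking at how much ALE and VaR95 move.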

Ready to operationalize your risk program?

Use FokusRM as your daily control center for risk governance, treatment, and reporting.