Access Segregation
System provides high-end design of multiple related or non-related organizational schema, called Hierarchies. Each Hierarchy is a drill-down tree with multiple levels that ensure inheritance relations to the handled information and proper access segregation.
Application users are identified via secure shell that ensure that no passwords are stored in reversible form anywhere in the system. Simplified, it means that only particular person is owner of its credentials. There are no super-power users, unless you explicitly want them, no privileged users such as “IT admins” or similar. There are no “service” accounts.
FURIA security shell ensures complete encapsulation of information. That means that visibility of information depends only on designated Hierarchy structure and roles of users in particular Hierarchy. However, the access to particular information can be delegated to particular user, if needed, which comes in handy when it comes the question of temporary replacements and shared responsibilities.
Information Input
The issues, whether they are internal or external audit findings, regulatory compliance requests or demands, executive decisions, results of risk or security assessments or any other form of business request, are based on shape-shifting atoms, flexibly designed structures of information, according to business needs and existing processes in your business environment.
The issues – atoms – can be entered manually or within the integration workflow which can be generated on demand. Atoms can be grouped into more complex elements (reports) that in typical business processes present the integrated complex instance of the process output, such as audit report, compliance report, etc.
What exact information is stored in each type of atom or each type of report, it is a matter of your process workflow and information structure, e.g. if you want 20 different fields to be fulfilled in each and every report and 10 more optional fields – consider it done in few steps! Which of them will engage reporting dimensions, it is up to the customer.
There are core types of information that FURIA is handling, such as text, numeric, dates, documents and fully-customized lists of values. The last one gives you opportunity to use specific terms that are common to your employees and processes, e.g. you set your risk levels to Low/Important/Critical/Severe instead of using typical H/M/L, numeric (1-5) or other usual identifiers.
Information Processing
The ways how the information is processed are in most cases not limited by application internal design, or at least typically do not require significant (read: costly) changes. However, there are workflows that are targeting common way of handling information, such as approval of changes, notification of designated users about changes, unification and upload/download of documents, referencing atoms and other objects, etc.
Some rules are proven recipes from the real world of controls management and represent best practices that we adopted and integrated. Thus, the approval of changes is the matter of application parametrization; contributors differ from authors, or supervisors, although you can have people that only handle internal document management and nothing more. Hierarchies are there to ensure inheritance and encapsulation of information; still, you can be “big boss”, just sit on the top of the Hierarchy or get proper delegation of access.
The internal design of the system FURIA enables easy creation of interfaces with outer world, your other systems, without involving high costs for application changes. Use of Microsoft SQL and SSIS platforms ensures that all relevant platform can be reached from the application, or vice versa, preserving maximum security of the information.
One of the key features is historical view of information, e.g. integrated point-in-time reporting system enables you information (e.g. some audit finding) in a form and with the exact content what was last year on Christmas eve, just before you reorganized audit findings according to changes to your Organization tree, with all comments, changes and actions taken up to that particular moment.
Reporting
Issues and reports can be treated individually in the reporting system, or they can be combined into more complex reporting outputs e.g. reports on all types of issues related to some particular law regulation or standard, or reports that matter only one sector or other smaller organizational unit.
Combining multiple and not directly linked environments (e.g. audit and risk management, compliance and security, etc.) FURIA enables you to easily get comprehensive cross-area reports on all open (and closed) issues, so Management can quickly get current or historical information (point-in-time reporting), and perform detailed follow-up, create briefings or some interesting efficiency estimations.
Reporting engine is based on proven, secure and highly flexible technology that do not require special licensing, neither it engage any third-party technology other than mainstream MSSQL and its BI environment (SSRS, SSIS, SSAS).
Dimensions and measures, the terms frequently used in OLAP DBMS systems, are available to the customers in a predefined or specially designed form of OLAP CUBEs, so users that are not much IT-oriented can create theoretically unlimited number of custom-made scenarios and variety of reports directly from their most familiar environment – Excel. Playing with CUBEs, managers are able to drill down and slice the information in a way that best fits the real needs.
System architecture
There are two infrastructure models of FURIA system available to the customer:
(1) in-house FURIA infrastructure
your datacenter, your hardware and software platform, your network
(2) FURIA hosted on the AZURE cloud
high-available hosted hardware and software platform, modest internet link
Although the infrastructure platform is matter of your choice in accordance to your outsourcing policy and particular business decision, you are not limited only to that initially selected platform. You can always shift from the local infrastructure to the cloud environment, and vice versa.
One good example would be consortium of your companies where some of the insist on local infrastructure but several group members are not willing to invest in hardware, software and maintenance, so they are more pleased with online solution. No problem! Have them decided about the implementation of their FURIA instance and later on have them centralized under the single roof, within your Group infrastructure. Or, you can leave them like they want and make FURIA communicate all these instances across the country or the world to gather and manage information as it is case for single FURIA source.
Besides the chosen infrastructure, the system can be handled according to your company security and maintenance policy:
(a) maintenance by your admins, or
(b) maintenance services completely or partially outsourced to FURIA team.
Which way you will turn, it depends on your choice and circumstances that best fits your needs. And of course, you can always mix maintenance options to cut the costs or release your admins from additional work.
System requirements
The content is being updated. Please check back soon to see what you’re looking for.