As a CLAS Consultant and Information Security risk practitioner I recently got really frustrated trying to organise and present the many to many relationship of elements involved in risk management. I felt I needed a tool that would help me both manage, organise and present risk in a simple and palatable way without having to manage complex spreadsheets and if it did so quantitatively so much the better. I had come across STREAM previously whilst working for CSC but as is often the case I had no budget to invest in a proof of concept to test STREAMs functionality and usefulness at the time, so it got put back on the shelf and forgotten about for a couple of years. The shakeup in risk management in HMG reignited my search for a flexible tool that could serve my various purposes and so I re-discovered STREAM. What really excited me this time around was that Acuity were just launching their Consultant Partner Programme which allows you to obtain a fully functional Single User License. The training is provided free, although took a little longer than I expected, but the test at the end of each training session was straightforward.
 
I now have a grasp on the use of STREAM, thanks to the free training. Having gone through the Consultant Partner Programme I have a fully functional copy of STREAM and I have the flexibility I so desired because the Framework allows you to adopt a variety of risk standards, of which, the three that really interest me are ISO 27001, ISF Standard of Good Practice and NIST, although there are many more.
 
Whether you are responsible for an ISMS or whether you are simply doing a consultancy risk assessment STREAM will facilitate your governance, risk management and compliance responsibilities.

Alez Stezycki

Capgemini

Central Bank of Lesotho LogoThe Central Bank of Lesotho has been using STREAM to support its Enterprise Risk Management since 2012.  The Bank started initially with Acuity’s free single-user Edition of STREAM extending in early 2014 to a 5 concurrent multi-user Edition and then again to a 10 concurrent user system in 2015.  Acuity recently provided on-site training in to the ERM Team and senior management briefings.  In general we found that the training was well organized and easily followed by all attendees. Relevant training material was sent ahead of schedule to allow adequate reading time prior to training taking place meaning consultancy time on-site was well utilized. The consultant from Acuity Risk Management overall was excellent and delivered the desired objectives that were set out around the needs from the Central Bank of Lesotho.

Teboho Mpheteng (Mr)

Enterprise Risk Management (ERM)

Phoenix IT Services had an initial need to certify part of their business to the latest ISO 27001:2013 standard.  When we first calculated the timescale needed to achieve this, we estimated that the original timeframe would be between 10 to 12 months to actually achieve certification – However, due to client pressure we needed to complete the program in a much shorter timeframe.  In order to achieve this we looked at the possibility of utilising a software based management program that would streamline our processes and give us an ongoing status of our efforts.  After some initial consultancy and testing of Acuity’s STREAM product which we implemented,  this  allowed us to go from the start of the ISO 27001:2013 process to certification in only 6 months, which also gave us the ability to carry out the required assessments with significantly reduced administration, easier tracking of findings, events and actions.

Following the success of the above we are now using STREAM within other parts of the business which has enabled us to successfully transition from ISO 27001:2005 to 27001:2013. 

An additional benefit of STREAM is the ease of integrating different standards into the database structure; and we are now currently using STREAM for ISO 27001, 20000, 14001 and 9001 compliance.

From a managerial point of view STREAM helps decision making by senior management by allowing risk and/or compliance reports to be produced at any point in time.  We have also been able to successfully and confidently grow our team based on constant metrics that STREAM provides around the input needed for the certification process and maintenance.

Harry Neilson

Phoenix IT Services

From the onset of the implemention of our ISMS, we needed a system for effectively managing our information assets, risks, controls and events, while being intuitive for staff to maintain; and evidencing compliance with ISO 27001 to a wide range of stakeholders. We are now upgrading our ISMS to ISO27001:2013 and we are sticking with our STREAM implementation. STREAM covers all our requirements, and provides scope for further expansion across the organisation.

 

Acuity have been an exemplary supplier, with passionate and extremely knowledgeable individuals, dedicated to providing prompt customer support. 

Andrew Glencross

NHS Wales Informatics Service

Synectics Solutions LogoSynectics Solutions now rely heavily on STREAM for ongoing management of key aspects of their ISO 27001:2013 ISMS.

STREAM was pre-configured with the latest version of the standard and played a major role in our recent certification. The version we deployed, which includes web-based access, allows security champions across all business functions to be directly involved in the assessment of security risks and controls for their respective areas. 

Steve Sands

Synectics Solutions

When we started to implement an ISMS compliant with ISO 27001 it was clear from the onset that we would need a system for effectively managing our information assets, risks and controls. We looked carefully at what was available in the market and - among many other things- decided to download a copy of the free single user version of Acuity STREAM to try it out. 

We are now upgrading our ISMS to ISO27001:2013 and although this no longer has a compulsory requirement for asset based risk management, we are sticking with our STREAM implementation for sure. STREAM covers all our requirements, is easy to maintain and Acuity have been exemplary in providing customer support: dedicated, fast and extremely knowledgeable. Highly recommended!

Niko Bel

Linx Telecom