How it Works
Blackthorn uses data items called 'objects' to provide a simple and effective way of recording, tracking, analyzing and reporting important information. A range of objects is supplied with Blackthorn, and you can customize them and even create your own.
Objects
Objects can represent just about anything: activities, people, locations, assets, threats, tasks, vulnerabilities and controls are just a few examples that come pre-loaded and ready to use.
Each object can be categorized by type. For instance, a control object can have a range of types aligned to a control enterprise such as ISO 27001 or PCI DSS, and a threat object can itself have a list of types. All the object types can be completely customized, and it is this concept that allows us to tailor Blackthorn for use in many different fields.
Activities
Blackthorn enables you to use activity objects to describe any work process you would like to undertake. They can be proactive activities such as assessments, audits, reviews and accreditations, or reactive activities such as incidents, cases, crises and investigations.
We have used the help of experts in various fields to create Activity Packs, which include workflow templates, default settings and object type taxonomies to enable the rapid customisation of Blackthorn for given business applications.
Role-based Access Control (RBAC)
Another important design feature for an enterprise GRC system such as Blackthorn is the ability to define securely separated teams, each managing their own activities in their own way, much like a normal working organisation. If staff need visibility of activities managed by other teams, they can simply be granted roles accordingly.
Blackthorn RBAC eliminates the security concern of additive access, which occurs in so many other business systems. If staff move between business teams, they lose access to their previous team's data and gain access to the data managed by the new team.
When there is a need to handle particularly sensitive activities with closed groups of specifically assigned personnel, the Blackthorn RBAC provides a 'Special Handling' function which applies strict mandatory access control over those staff assigned with update and read-only access. This enables management of these issues to be undertaken on a strictly 'for-your-eyes-only' basis. Special Handling extends fully to reporting of sensitive activities, i.e. incidents and investigations.
A further important aspect of the Blackthorn RBAC is task assignment, which can be highly tailored to issue tasks, manually or automatically, to designated personnel. These users only have access to their assigned tasks and not necessarily to the actual activities themselves.
Workflow
A flowchart style is used to drive logical workflow in Blackthorn, supporting any type of activity with a repeatable and accountable process. Stage and task objects are simply arranged in templates to provide manual, semi-automatic or automatic task assignment via email and web. Task tracking is clear and allows precise assignment of available resources to ensure both notifications and actions are sent and completed in the best possible time.
Understanding Risk and Cost
Blackthorn provides a sophisticated risk modelling capability. This allows the risk exposure for any asset or human subject to be understood in contextually correct detail.
Blackthorn automatically cross-correlates important information between reactive and proactive activities and any models to which they are common. This enables empirical data from risk experience and risk assessment to be included in the models, supporting an increasingly accurate and realistic view of operational risk.
The multi-currency accounting engine in Blackthorn automatically calculates the cost of any activity with pin-point accuracy.
Dashboards & Reporting
Graphical reporting using out-of-the-box and user-defined dashboards is provided as standard. Reports can be output to a range of formats. Statement objects can be associated with activities to rapidly build complex and styled reports.
Intelligence Gathering & Situational Awareness
Detailed and contextually correct information can quickly be built up about any given activity by associating objects with it. New objects can be created or cloned, and existing objects simply re-used and linked using drag-and-drop functionality.
Analysis can be easily carried out through wizard-style searches and report building. A situational awareness tool called the 'Canvas' can be used to present objects on top of any picture such as a map, diagram or plan and to perform timeline analysis. The Canvas is absolutely ideal for team briefing and operations room display.








