Cyrima Framework

Learn more about Cyrima Framework foundations

What is Cyrima Framework?

It is a structured approach to project and change management, based on well-established good market practices, legal requirements and our own practical experience gathered during consulting engagements. Its description includes several components, which are available to your team through our Knowledge Management Engine:

processes (description of how activities should be orchestrated and managed)

operational instructions (detailed description of how to conduct each activity)

product templates (assets that will guide you step by step through key analyses such as BIA, DPIA, or questionnaires to support risk identification for a given project category)

standards (defining quality criteria for IT components and product deliverables)

policies (defining quality criteria for organization and team responsibilities)

Scope of Cyrima Framework

Cyrima covers the areas of project and change management, integrating into IT/Security operations.

Business Baseline

Project and IT Change Management processes based on ITIL, Prince2, PMBoK and SCRUM provide a reference operating model that can be mapped onto your organization or used as-is to provide a business baseline for implementing security measures.

Governance, Risk, Compliance

A dedicated Project Risk Management process based on ISO27005 and ISO31000 covers technical, organizational and compliance risks. It is integrated into every stage of our delivery approach to give you adequate risk visibility as soon as possible.

Third Party Risk Management

Secure Procurement and Contracting, Business Continuity and Key Supplier Management processes were implemented into our Framework to ensure that all your suppliers have a clear definition of responsibilities, that risks are properly transferred and that you always have a plan B for critical business functions.

How to adjust Cyrima Framework to your organization?

Cyrima automates activities that in a standard consulting engagement are conducted by the delivery team. To provide repeatable quality of implementations, large consulting companies use tools called “accelerators” that help the architect adjust the template to the Client's industry, scale, regulatory landscape and organizational structure. We elaborated this model and embedded its logic in our backend app, so it can be conducted automatically, within ~1 minute. There are two levels of adaptation:

Processes, standards, policies and product templates are adjusted to the general shape of your organization.

Operational instructions are additionally tailored to a specific project category. Currently we cover three categories: Software Development, Cloud Service Implementations and Organizational Transformations.

FAQs

Can my organization use Cyrima to comply with EU regulations regarding cybersecurity?

Yes, Cyrima was designed to cover regulatory requirements in all areas included in our Framework. Soon it will allow you to selectively map particular legal or normative requirements into your project backlog.

Keep in mind that this does not mean a Cyrima implementation will provide full compliance with GDPR, DORA or ISO27001. Those acts and norms often refer to the whole organization, and while Cyrima covers a substantial scope of their requirements, there are aspects (e.g. data retention or customer communication) that you need to cover individually.

In some cases, an auditor may require that you have a trusted third party conduct an additional compliance assessment of our tool to ensure that our declarations about compliance level are true. This should be expected in large companies in the financial or telecommunication industries.

Can Cyrima Framework be modified or extended?

Yes, we can design any IT / Security process and embed it into our Process Wiki. It is also possible to adjust existing processes so you can enjoy the full benefits of a custom implementation for a fraction of the price. To learn more about our services, reach out to our Client Support.

How does Cyrima Framework compare to processes delivered by consulting companies?

The process flow is more detailed than the average consulting product. It uses a hybrid notation based on BPMN and use case definitions derived from software development, which, paired with our Process Wiki app, allows for easier navigation and a less traumatic user experience.

Additionally, we cover a more detailed level of operational instructions, which provide a “how to” description for EVERY security activity in our Framework (there are about 800 in total, including different project category variations). This step would be impossible without an app that can filter and present this content in fragments relevant to each case. In the traditional model it is supplemented with a T&M engagement, where a consultant provides “know how” by sharing his personal experience.

Our advantage over the traditional delivery model grows with the size of your organization and the number of simultaneous project streams, since for the price of 1 FTE of a domain expert, we improve the security capabilities of your whole staff and every project team member that has access to our tool.

How do we ensure it will “fit” your organization?

We can look at Cyrima as a fragment of a company's operating model. As the fragment responsible for projects and IT changes, it needs to integrate into your operations: PMO, IT, Security, Audit, Governance and Procurement functions in particular. To achieve this, it refers to best market practices used to design operating models of those functions, such as ITIL, COBIT, PRINCE2, TOGAF and a variety of ISO norms.

  • Our Clients are provided with video training and a detailed implementation tutorial that covers key aspects of operational implementation. For additional guidelines, feel free to contact our technical support.
  • If you prefer to delegate this task or you need a customized implementation, please refer to our services page.

Still have questions?

Contact us for more information and assistance.