After being directly involved with ISO 27001 implementations since 2006, in early 2013 we had had enough of seeing our customers struggle to maintain and manage ISO 27001 related information security risk assessments. All of them were totally dependent on Microsoft Excel (surprise, surprise) to manage their assets and risks. I don’t even want to start ranting on how tedious and cumbersome it can get managing risks using a spreadsheet.
We decided to build cloud-based software to handle just the risk assessment part of ISO 27001. We applied for a Malaysian government grant to fund the development work and after a few months of submissions, resubmissions, evaluations and re-evaluations, we were awarded the grant to build our risk management software.
One of the challenges that we faced in the early phase of development was to strike a balance between features and price. We knew that most ISO 27001 certified organizations were already burdened with the high cost of maintaining the certification year-on-year. The last thing they would want to hear was that they had to burn their pockets further to pay for this software. So we decided to build it with simple but functional features (and not to bloat it with unnecessary “nice-to-have” features – like many risk management products in the market). You can read a great article by HubSpot on why feature bloat can be detrimental to any product – http://product.hubspot.com/blog/the-5-whys-of-feature-bloat.
After all the hustle and bustle, firing of contractors and missed deadlines, we launched the first version in early 2015. It was an instant success (even though I wasn’t too happy with what we developed), and we managed to get some key clients in Malaysia to use it. Fast forward to February 2017: we have already launched the 3rd generation of CompSuite and I am “pretty” satisfied with it. The biggest success is coming up with a risk model which we call “Smart Modelling of Information Security Risk Management”. The smart model comes with security risk intelligence which will automatically populate all the potential risks to your assets and the potential treatments to the risks, which will essentially save you plenty of time and increase the productivity of your team.
CompSuite Dashboard as of February 2017
We are extremely optimistic that 2017 will be a landmark year for CompSuite and we target to reach the 100-customer milestone. We will also be adding a risk assessment module for ISO 9001 in early Q2 and business impact analysis (BIA) in late Q2 of 2017.
I would like to take this opportunity to thank all the early adopters of CompSuite. Without you, your feedback and support, CompSuite wouldn’t be what it is today.
Sivanathan is the Founder & CEO of Cyber Intelligence Sdn Bhd. He has more than 14 years of experience in information security service offerings and product innovations and has performed work for various governments and multinationals. He is a CISSP and holds a Master’s degree in Information Security.