STRUCTURAL COMPLEXITY & RISK ASSESSMENT
When an organization is tasked with analyzing their end user computing environment, it is crucial that they have the tools to interpret and thoroughly review the results of Discovery scanning. Typically, defining EUCAs – especially those that are mission critical and subject to more rigorous controls – relies on both an assessment of the file’s technical processing complexity and a larger assessment of the file’s impact on the organization. Apparity facilitates both assessments with its Structural Complexity rating and qualitative Risk Assessment.
The Structural Complexity of files within an organization is determined by a customized algorithm defined by the organization. Apparity is able to take any of the file attributes gathered during Discovery (basic details, sensitive content flags, structural details, formula statistics and more) and add them to this algorithm so that files are separated into High, Medium and Low Structural Complexity.
The benefits of this assessment are numerous but can vary by organization; some use Structural Complexity to determine the level of EUCA controls required, others to determine which files require transfer to certain IT or EUCA maintenance teams, and some use Structural Complexity as one input of a larger, qualitative Risk Assessment.
Apparity’s customizable registration forms serve as a perfect platform for an organization-specific Risk Assessment, which weighs considerations like the file purpose, relevant regulations, report visibility and more to perform a more comprehensive assessment of how much risk the file presents to the organization. This can be used in conjunction with the Structural Complexity to combine both complexity and business purpose concerns in a single assessment. Not only does the information captured during the Risk Assessment help an organization achieve certain policy goals, it also provides a more nuanced picture of the EUCA landscape.