GRC Controls & Assessment
Create and manage controls for the policies and assessments on those controls to measure organization compliance and map those controls to organizational policies to the organization structure for auditing.
- Create / Import Controls
- Create Assessments on Controls
- Assign Internal and 3rd Party Users
- Review and Approve Assessment Responses
- Build and Distribute Reports
- Centralize storage of the creation, mapping, and update of internal and external controls and associated compliance documentation; such as process narratives, flow charts, and SOPs in any format (e.g. Adobe PDF, MS Word, and MS Excel) can be attached at any stage of the process as supporting information and evidence.
- Establish automated, replicable workflows for all business processes related to control testing and review to ensure timely documentation ahead of testing cycles, and remove risk onset by control gaps.
- Define operational controls (guiding behaviors, governance framework) to enforce policies coupled with internal and external organizational measurement for ownership, auditing, acceptance/fail, surveys, checks, and verification
- Map common controls to various regulations and reduce control testing/auditing overhead with test once, report many
- Import or use pre-loaded from 3rd party controls libraries; such UCF, or CCM (from the Cloud Security Alliance), or bring in your own control frameworks from excel with the ability to update as soon as new versions are released.
- Visualize and reconcile changes across control versions with alerting and notification on regulatory control changes as soon as newer releases updated.
- Deliver assessments to vendors and clients through an email linking to a secure portal for completion enabling employees and third parties to be notified of the assessment and required to answer questions and supply supporting documentation and evidence.
- Easily modify the risk and compliance scoring from assessment results formulas through a point and- click interface for optimum results.