GRC – Governance, Risk, and Compliance

Governance, Risk Management and Compliance, abbreviated GRC, is an active approach to IT security in which the security level of information and data is handled collaboratively by the organization’s management and functional managers, with a focus on risk management, compliance requirements and legislation.

Complete GRC tool in enablor

I-Trust’s GRC platform is part of enablor. It is a comprehensive approach to IT and security management that brings together the entire organization’s security strategy, quality management systems, risk management and administration of compliance requirements. We deliver a complete platform solution where your organization can manage, control and document your governance, risk and compliance initiatives.

GRC modules:

Security activities center

This is where the organization’s security tasks come together – regular follow-ups in the annual cycle and ad hoc tasks, such as measures for improvement and incidents. You can distribute tasks across the organization and get an overview of activities.

Security

Module for security tasks with access to risk management activities such as vulnerability assessments of systems and consequence assessments of business processes. It includes a tool to register and manage incidents and data breaches.

GDPR

With the GDPR module, there are no more ad hoc processes and local Excel sheets. It is an integrated solution where we, among other things, have integrated supplier management with access to lists and contracts.

Audit

enablor’s Audit module is used for follow-up on internal and external processors of data. The audit result is recorded on the digital platform and forms part of the security documentation for the inspected party.

Master data

Descriptions of master data, e.g. critical treatments, systems and data, are collected in the same module. Data is set up and managed in accessible overviews and graphical tools. Master data can be qualified and systematized in relation to confidentiality and to its importance for accessibility and integrity.

Reports

In the Report Center there is access to a number of compliance and status reports generated based on selected data. Here you have access to simple extracts for your own processing and a business intelligence module with the possibility of making your own analyses.

Based on laws and recommendations

The GRC solution is a tool that we strive to make user-friendly and easily accessible for our users. For the organization, enablor creates the necessary overview, ensuring that risks and inefficiencies are detected and dealt with early. Compliance assessment and management can be used in relation to several standards and legal requirements:

  • GDPR and data protection laws
  • ISO 27001-2
  • Cyber Security – SC 20
  • Quality management systems – ISO 9001
  • IT-Service Management ISO 20000-1

GRC deployment model

Governance

  • Strategies for protection of personal data and information
  • Determination of processes, roles and responsibilities
  • Compliance with legal and contractual requirements

Risk management

  • Classification of treatments and systems in relation to quality
  • Vulnerability assessment
  • Threat assessment
  • Protective measures
  • Cyber Security

Compliance

  • Ensuring that the company acts in accordance with laws and agreements
  • Contract and supplier management
  • Incident management
  • Disaster contingency plan
  • Audit of external data processors