PASS GRC - Governance, Risk and Compliance Software

Modular, integrated GRC software to support IT governance

Fully integrated GRC software for IT governance, IT risk management and IT compliance

PASS GRC supports processes of IT governance, especially risk management, audits and KPI-based controlling.
The modern, user-configurable application environment includes notification and reminder management and ensures audit compliance. This results in an improvement for companies in terms of quality and productivity of collaboration, especially in risk management and internal and external audits.

The Governance Model of an IT Organization

Based on laws, standards and its own strategy, the IT organization of an enterprise has to define objectives and establish and implement necessary activities or measures (controls) as well as directives/guidelines. Risks associated with inadequate achievement of objectives must be regularly monitored and addressed (risk management). The adherence to the controls must always be checked within the scope of internal or external audits (compliance). Management requires KPIs (key performance indicators) for the timely monitoring of compliance with target values (controlling).

GRC software: PASS GRC-Model — PASS GRC-Model

Legal basis

Support of legal requirements, e.g. EU GDPR, sector-specific supervisory regulations such as BAIT/VAIT and management system standards such as ISO/IEC 27001.

Control requirements can be flexibly defined and adapted to, e.g. legal/regulatory requirements, management system standards. The use of existing rules and regulations enables rapid system availability.

Guidelines, respectively directives are available at a central location through the GRC tool. This ensures that all responsible persons are automatically reminded of necessary reviews and approvals.

Auditors can interact with asset owners in the risk module. The configurable workflow facilitates collaboration between auditors. The auditor has access to all results and findings of completed audits.

All parameters of the risk management process can be defined according to the specific requirements of the company. Those involved in the process are automatically reminded of pending or overdue activities.

Unchangeable snapshots are saved after data changes. These can be compared with each other, so that the change and the user who made it, along with the date and time of the revision, can be identified.

With the help of configurable adapters, KPIs can be updated periodically by accessing external systems, e.g. ticketing systems. A central dashboard shows the status of all KPIs and enables detailed views.

User-centered interface
PASS GRC offers the user a uniform interface and user guidance across all modules, which can be customized. For example, users can save their own column settings and filters for each mask and call them up again at any time.
Notification and reminder management
Immediately after logging on, each user is shown in his or her personal dashboard which processing steps are pending or overdue due to his or her assignment.
Workflow
Status values can be defined independently for all modules. It can be defined which status values are relevant for the notification and reminder management.

Authorization system
The configurable roles/rights system allows a fine-grained definition of function-related rights for internal and external users. The visibility of risks, checks and measures can be reliably restricted by assigning freely definable scopes for each user.
Flexible adaptation to company-specific requirements
To customize the risk module, numerous options, intervals, lead times for displaying due processing steps in the dashboard, etc. can be customized to meet the specific needs of the company.
Report Generator
An optionally integrated report generator enables the creation of standard reports and their provision for retrieval by defined user groups.

For users and the technical side

Customizable, user-friendly interfaces with contemporary UX design.
Configurable notification and reminder management.

For IT or divisional managers

Interactions and transparency between the modules, such as auditor insight into risk assessments and triggering a reassessment of risks.

For decision makers and management

Conformity of the own GRC processes to the defined goals.
Possibility to anticipate threats to the achievement of objectives.

Our services

With our services we offer implementation support to the necessary extent. This includes for example

the analysis of your processes and requirements,
the setup and configuration based on existing frameworks or the transfer of existing data,
the integration into your system landscape,
the creation of adaptors and
the training of your users.

Our experts will be happy to advise you on setting up or integrating existing management or control systems and will also support you in working with external auditors.

Within the scope of maintenance, we provide you with necessary updates, for example in case of changes in relevant laws or standards.

General

Which sets of rules or standards are supported?

In principle, the control specifications are freely definable and can be adapted to any specifications. For many areas, corresponding frameworks already exist, which can be specified.

Can an existing control system be adopted?

Yes, the import of existing target descriptions and control definitions is possible.

Is the application audit-proof?

Yes, for each data change it is traceable which user made the change and when.

Can the rights of the users be restricted?

Any number of roles can be defined. For each role, different functional areas can be reduced (e.g. read only, invisible). If necessary, this can be carried out on the level of individual GUI elements. Scoping can also be used to limit the visibility of the data in fine granularity.